PCO CLI - Planning Center Services

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used incorrectly, the agent could modify or delete Planning Center Services data in the connected account.

Why it was flagged

The skill exposes a raw API escape hatch with write and delete methods for arbitrary endpoints, without documented guardrails or confirmation requirements.

Skill content

pco api POST /endpoint --data '{"key": "value"}'
pco api PATCH /endpoint --file data.json
pco api DELETE /endpoint

Recommendation

Restrict raw API use, require explicit user confirmation for POST/PATCH/DELETE, document allowed endpoints, and prefer read-only scoped commands by default.

What this means

A user would be trusting code outside the skill package, including whatever that local path or repository version contains.

Why it was flagged

The skill directs execution of a local TypeScript file that is not included in the submitted package, so the actual CLI behavior and dependencies were not reviewable in these artifacts.

Skill content

tsx /Users/ruby/Projects/pco-cli/pco.ts <command>

Recommendation

Package the CLI code with the skill or pin a reviewed repository commit, declare required binaries such as tsx, and provide an install spec or checksum-based provenance.

Concern: Medium Confidence
ASI03: Identity and Privilege Abuse

What this means

The agent may act with the user's Planning Center permissions, including access to people and scheduling data and, through the raw API, possible account changes.

Why it was flagged

The skill relies on local Planning Center credentials, but the metadata declares no primary credential, required environment variable, or config path, and the credential scope is not described.

Skill content

Credentials stored in `~/.config/pco-cli/config.json`

Recommendation

Declare the credential/config requirement, document the exact credential type and minimum permissions, and recommend least-privilege or read-only credentials where possible.