Planetscale Cli Skills

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a legitimate PlanetScale CLI helper, but it can use your PlanetScale credentials to make real database and deployment changes.

Install only if you want the agent to help run PlanetScale CLI workflows. Before use, confirm the target org, database, and branch; avoid automatic production deploys unless explicitly approved; keep service tokens in a secrets manager; and review any bundled script, especially the omitted sync script, before executing it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken database, branch, or deploy request could change production schema or affect application availability.

Why it was flagged

The script can create and deploy a PlanetScale deploy request when the user passes --deploy. This is purpose-aligned, but it can apply production schema changes and does not require an additional interactive confirmation.

Skill content

pscale deploy-request diff "$DATABASE" "$DR_NUMBER" "${ORG_ARGS[@]}" || true ... if [[ "$AUTO_DEPLOY" == true ]]; then ... pscale deploy-request deploy "$DATABASE" "$DR_NUMBER"

Recommendation

Use --deploy only after reviewing the diff and confirming the target database, branch, and organization. Prefer manual review for production deployments.

What this means

The agent may be able to create, delete, deploy, or manage resources permitted by the configured PlanetScale account or token.

Why it was flagged

The skill relies on local PlanetScale authentication or service tokens. This is expected for pscale operations, but those credentials authorize real account and database actions.

Skill content

Requires PlanetScale CLI authentication via 'pscale auth login' (stores token in ~/.config/planetscale/). ... PLANETSCALE_SERVICE_TOKEN_ID ... PLANETSCALE_SERVICE_TOKEN

Recommendation

Use least-privilege PlanetScale access, store service tokens in a secrets manager, rotate tokens regularly, and avoid sharing debug output or command output that contains credentials.

What this means

Running the scripts executes local shell commands that call the PlanetScale CLI.

Why it was flagged

The skill intentionally provides bash scripts. The reviewed scripts are purpose-aligned and avoid eval/dynamic execution, but running bundled shell scripts is still a capability users should notice.

Skill content

Automation scripts are executed directly via shell (bash). No network access beyond pscale CLI calls. Scripts do not use eval or dynamic code execution; all pscale arguments are passed as discrete tokens.

Recommendation

Review scripts before running them, especially in CI/CD, and run them only from a trusted checkout.

What this means

Installing an external CLI from an unverified download could affect the local system if the source or download is compromised.

Why it was flagged

The setup instructions include downloading the latest external PlanetScale CLI binary and moving it into a privileged PATH location. This is normal installation guidance, but it is unpinned and depends on trusting the upstream download.

Skill content

wget https://github.com/planetscale/cli/releases/latest/download/pscale_X.X.X_linux_amd64.tar.gz ... sudo mv pscale /usr/local/bin/

Recommendation

Install pscale from official PlanetScale channels, verify releases where possible, and avoid running untrusted binaries with elevated privileges.