← Back to Skills Marketplace
pctx — MCP Aggregation & Code Mode
by
cianbyrne1010
· GitHub ↗
· v1.0.1
· MIT-0
86
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install pctx
Description
MCP aggregation and Code Mode execution layer for token-efficient agent workflows. Wraps portofcontext/pctx — connects agents to Linear, GitHub, and other MC...
Usage Guidance
What to check before installing:
- Confirm platform: the scripts use launchd (macOS). If you're not on macOS, the daemon/start logic won't work.
- Review third-party sources: verify the Homebrew tap (portofcontext/tap) and the npm package (@tacticlaunch/mcp-linear) authors/URLs before running install.sh or npm install -g.
- Secrets handling: adding MCPs will store API keys in ~/.config/pctx/pctx.json and create timestamped backups there. Decide whether you accept these files (they are chmod 600 but persist on disk); if not, avoid adding upstreams or ensure you have secure backup/cleanup policies.
- Persistent daemon: inspect the launchd plist (~/Library/LaunchAgents/ai.openclaw.pctx.plist) before loading it. A running daemon exposes a local HTTP endpoint that can forward requests to external MCPs — understand and control which MCPs/endpoints you connect.
- Local code execution: Code Mode runs user-supplied TypeScript in Deno; this enables powerful automation but also can execute arbitrary logic inside the sandbox. Limit which agents/users can send code to the /mcp endpoint.
- Discrepancies to clarify with the publisher: SKILL.md frontmatter lists required tools (brew, npm, node) but the registry required binaries is empty, and the skill lacks an official install spec. Ask the maintainer to document supported OSes and to include a safe install manifest or package.
If you proceed, run install.sh in a controlled environment, inspect the generated plist and ~/.config/pctx/pctx.json, and avoid adding upstream MCPs until you’ve reviewed the trustworthiness of their tokens and endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: pctx
Version: 1.0.1
The pctx skill provides an MCP aggregation layer that manages sensitive API tokens (GitHub, Linear) and executes TypeScript via a local Deno sandbox. While its stated purpose is legitimate, the `pctx-skill.sh` script contains a shell injection vulnerability in the `cmd_test` function. Specifically, the script interpolates user-controlled variables (`ns` and `fn`) directly into a Python command string executed via `python3 -c`, which could allow an attacker or a malicious prompt to execute arbitrary shell commands. Additionally, the skill implements persistence via `launchd` and manages secrets in `~/.config/pctx/pctx.json`, which are high-risk behaviors that, combined with the injection flaw, justify a suspicious classification.
Capability Tags
Capability Assessment
Purpose & Capability
The skill's name/description align with the scripts and SKILL.md: it wraps a local pctx server, manages MCP servers, and offers a Code Mode via a Deno sandbox. However the skill appears Mac-oriented (uses launchd/~/Library/LaunchAgents) while registry metadata lists no OS restriction. SKILL.md metadata also claims required tools (brew, npm, node) even though the registry 'required binaries' is empty — a mismatch that should be clarified.
Instruction Scope
Instructions and scripts operate on the local pctx endpoint (http://127.0.0.1:8080/mcp), config at ~/.config/pctx/pctx.json, and logs in /tmp. They also provide commands to add MCPs that accept environment-style secrets (LINEAR_API_TOKEN, GITHUB_PERSONAL_ACCESS_TOKEN). Adding MCPs will cause the skill to store credentials in the pctx config and create backups. The skill does not instruct reading unrelated system files, but it does manage files containing secrets (config and backups) and interacts with launchd — both are higher-impact actions than a pure read-only helper.
Install Mechanism
No centralized install spec in the registry, but included install.sh performs brew installs (portofcontext/tap/pctx, deno, github-mcp-server) and an npm global install (@tacticlaunch/mcp-linear). These are traceable package managers (brew and npm) rather than arbitrary downloads, which is lower risk, but you should verify the Homebrew tap and npm package authors before installing globally.
Credentials
The skill declares no required env vars, which matches the registry, but its documentation and runtime commands expect users to supply API tokens for MCPs (e.g., LINEAR_API_TOKEN, GITHUB_PERSONAL_ACCESS_TOKEN) when adding upstream servers. Those secrets will be saved in ~/.config/pctx/pctx.json and in automatic backups (copies created by cmd_config_backup). Backups are chmod 600, but they still persist on disk—this storage of credentials is a proportional but important sensitive side-effect that the user must accept.
Persistence & Privilege
The skill installs and expects a launchd plist at ~/Library/LaunchAgents/ai.openclaw.pctx.plist and loads/unloads it (start/stop/restart). That grants the skill a persistent local daemon on macOS. 'always' is false, and the skill does not modify other skills' configs, but the plist and daemon mean ongoing background network activity (the local MCP endpoint can proxy to external MCPs). Confirm you want a persistent agent and review the plist content before loading.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pctx - After installation, invoke the skill by name or use
/pctx - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix ClawHub security flag: replaced generic shell syntax examples with concrete named commands. No functional changes.
v1.0.0
Initial release. Wraps portofcontext/pctx v0.7.1. Aggregates Linear MCP (42 tools) + GitHub MCP (41 tools) via stdio. Code Mode executes TypeScript in Deno sandbox for up to 98% token reduction on batch tool workflows. start/stop/restart daemon, mcp-add/remove/list, config backup/restore, live tool testing.
Metadata
Frequently Asked Questions
What is pctx — MCP Aggregation & Code Mode?
MCP aggregation and Code Mode execution layer for token-efficient agent workflows. Wraps portofcontext/pctx — connects agents to Linear, GitHub, and other MC... It is an AI Agent Skill for Claude Code / OpenClaw, with 86 downloads so far.
How do I install pctx — MCP Aggregation & Code Mode?
Run "/install pctx" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is pctx — MCP Aggregation & Code Mode free?
Yes, pctx — MCP Aggregation & Code Mode is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does pctx — MCP Aggregation & Code Mode support?
pctx — MCP Aggregation & Code Mode is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created pctx — MCP Aggregation & Code Mode?
It is built and maintained by cianbyrne1010 (@cianbyrne1010); the current version is v1.0.1.
More Skills