Can PM Skills Execute External Tools?

PM Skills cannot directly execute external tools; it is a catalog of declarative Markdown definitions that describes product‑management workflows for AI coding assistants, while the host platform (Claude, Gemini, etc.) handles the actual invocation of any external utilities.

PM Skills is a specialized repository containing skills, commands, and plugin manifests written in Markdown. While it provides structured workflows for AI coding assistants, the repository itself contains no runtime execution engine capable of launching external programs or shell commands.

What Is PM Skills?

PM Skills serves as a declarative catalog of product‑management workflows designed for AI assistants like Claude, Gemini CLI, and Cursor. The repository organizes these workflows as Markdown files—defining skills, commands, and plugin manifests—rather than executable scripts. According to the source code in CLAUDE.md, the project follows a strict design philosophy where commands function as descriptive verbs rather than execution mechanisms.

Why PM Skills Cannot Execute External Tools

No Runtime Code or Subprocess Calls

A comprehensive search of the entire codebase reveals zero occurrences of subprocess, os.system, sh, or any other mechanism that spawns child processes. The repository contains no runtime code capable of launching external binaries. The only Python script, validate_plugins.py, functions strictly as a static validator that checks JSON manifest integrity and front‑matter syntax without ever invoking external programs.

Commands as Declarative Verbs

The architectural design explicitly prohibits execution. In CLAUDE.md, the core design rule states that "Commands use a single $ARGUMENTS placeholder. Skills need no placeholders (they read context from the conversation)." This structure confirms that commands are interpreted by the host AI platform, not executed by the repository itself. The Markdown files provide blueprints that tell the AI what steps to perform, but they contain no logic to run those steps directly.

How External Tool Orchestration Actually Works

While PM Skills cannot execute tools, it can orchestrate them through documentation. Consider the /ship-check command defined in pm-ai-shipping/commands/ship-check.md. This command coordinates specialist sub‑commands like /document-app and /security-audit-static to produce a final shipping artifact. However, the Markdown file only documents the sequence:

---
description: Turn a vibe‑coded repo into a reviewer‑ready shipping packet …
argument-hint: "<repo path or area; defaults to the whole repository>"
---
/ship-check …

The actual execution of /document-app, /security-audit-static, or any external audit tool happens within the surrounding AI environment (Claude Desktop, Gemini CLI, etc.), not inside the PM Skills repository. The repository provides the recipe; the host platform provides the kitchen.

Code Evidence of Non‑Execution

The static nature of the codebase is evident in the validator script:


# validate_plugins.py (conceptual representation)

def main():
    # Loads JSON manifests, checks required fields, validates front‑matter.

    # No call to subprocess or os.system.

    pass

Similarly, command definitions contain only declarative metadata:


# Located in pm-ai-shipping/commands/ship-check.md

# This file documents workflow steps but contains no executable code

# to run external security scanners or documentation generators.

Summary

  • PM Skills is a declarative Markdown catalog, not a runtime execution environment.
  • The repository contains zero subprocess calls or system invocation mechanisms.
  • Commands are descriptive verbs interpreted by host AI platforms (Claude, Gemini, Cursor), not executors.
  • External tool orchestration is delegated to the host environment; PM Skills only provides the workflow definition.
  • The validate_plugins.py script performs static validation only, checking manifest syntax without spawning external processes.

Frequently Asked Questions

Can PM Skills run shell commands or scripts?

No. PM Skills contains no runtime code capable of executing shell commands. The repository consists entirely of Markdown documentation and JSON manifests that describe workflows. Any shell execution must be performed by the AI assistant or IDE that consumes these definitions.

How does PM Skills interact with external tools like security scanners?

PM Skills documents the interaction but does not perform it. For example, a command like /security-audit-static is defined in a Markdown file that describes what the AI should do, but the actual execution of the security scanning tool occurs in the host AI's environment (such as Claude Desktop or Gemini CLI), not within the PM Skills repository itself.

What is the purpose of the validate_plugins.py script?

The validate_plugins.py file is a static validator that checks the integrity of plugin manifests and front‑matter syntax. It loads JSON files and verifies required fields are present, but it never invokes subprocess, os.system, or any external binaries. It ensures the declarative definitions are well‑formed, not that they execute correctly.

Do PM Skills commands use placeholders for arguments?

Yes. According to CLAUDE.md, commands use a single $ARGUMENTS placeholder to indicate where user input should be inserted. Skills require no placeholders because they read context from the conversation. This design reinforces that commands are templates for the AI to interpret, not scripts for the operating system to execute.

Have a question about this repo?

These articles cover the highlights, but your codebase questions are specific. Give your agent direct access to the source. Share this with your agent to get started:

Share the following with your agent to get started:
curl -s "https://instagit.com/install.md"

Works with
Claude Codex Cursor VS Code OpenClaw Any MCP Client

Maintain an open-source project? Get it listed too →