moai-baas-neon-ext
Audited by Socket on Mar 1, 2026
1 alert found:
Security: This skill is consistent with its stated purpose: Neon/PostgreSQL architecture, branching, performance, and migration guidance integrated with Context7 docs. I found no signs of deliberate malicious code, obfuscated payloads, or credential-harvesting endpoints. The main security concerns are: the Next.js example disables TLS verification (ssl.rejectUnauthorized = false), which should be corrected; logging slow query text could expose sensitive data in logs and should be redacted; and the allowed-tools scope is broad — ensure runtime authorization and least privilege for any agent executing these actions. Overall the skill is legitimate but requires standard operational safeguards before use (fix TLS config, limit logging of sensitive queries, and restrict agent/tool permissions).