security-governance
Security and Governance
Use this skill when the user is evaluating whether MotherDuck can meet their security, governance, and deployment requirements. This is a workflow skill focused on control boundaries and safe patterns.
Source Of Truth
- Prefer current MotherDuck public trust, security, pricing, and product documentation.
- If the MotherDuck MCP
ask_docs_questionfeature is available, use it first. - Verify claims against live public materials before making compliance or commercial assertions.
Default Posture
- Prefer service accounts for production systems, not personal tokens.
- Keep credentials in backend-controlled secrets, not browsers or hardcoded notebooks.
- Prefer structural isolation over query-time tenant filtering for serious B2B or CFA workloads.
- Treat region and residency as first-class architectural constraints that require current public confirmation.
- Be explicit about whether the boundary is a share, a Dive, a database, or a full application.
Workflow
More from motherduckdb/agent-skills
motherduck-security-governance
Explain MotherDuck security, governance, and access-control patterns. Use when a security_compliance_owner, technical_owner, or application_builder is asking about residency, access boundaries, service accounts, isolation, sharing, or governance posture.
57motherduck-duckdb-sql
DuckDB SQL reference for MotherDuck. Use when you need exact DuckDB syntax, function behavior, supported MotherDuck SQL features, or to resolve whether PostgreSQL-oriented SQL will fail on MotherDuck.
56motherduck-build-cfa-app
Design a MotherDuck-backed customer-facing analytics app. Use when building embedded or product analytics for external users and the decision depends on per-customer isolation, backend routing, service-account boundaries, read scaling, or Hypertenancy-style patterns.
55motherduck-build-data-pipeline
Design an end-to-end MotherDuck pipeline. Use when choosing raw, staging, and analytics boundaries, bulk ingestion paths, transformation sequencing, publication targets, or whether DuckLake is actually required.
55motherduck-ducklake
Decide when DuckLake is the right MotherDuck storage pattern. Use when evaluating fully managed DuckLake, BYOB, own-compute DuckLake access, data inlining, object-storage layout, or file-aware maintenance instead of native MotherDuck storage.
55motherduck-create-dive
Create, edit, manage, share, or embed MotherDuck Dives. Use when the work involves Dive authoring, live React + SQL components, MCP get_dive_guide, useSQLQuery, local preview, version history, Dives-as-code, required resources, team sharing, or embedded Dive sessions.
55