claimable-postgres
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses curl to interact with the pg.new REST API and npx to run the get-db CLI tool. These are standard operations for the skill's intended purpose of database provisioning.
- [EXTERNAL_DOWNLOADS]: The skill downloads the get-db and vite-plugin-db packages from the NPM registry. It also makes network requests to https://pg.new. All these resources are owned and maintained by the vendor, Neon, and are considered safe.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive database connection strings (DATABASE_URL) and instructs the agent to store them in a local .env file. Security instructions are included to ensure these files are not committed to version control and that existing credentials are not overwritten without user consent.
Audit Metadata