claimable-postgres
Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File
The skill's stated purpose (provision quick, no-signup temporary Postgres databases and write connection details to an env file) is coherent with the described HTTP-based provisioning flow, multiple delivery methods, and the resulting data artifacts (connection_string, claim_url, expires_at). There is a reasonable, proportionate data flow to an external API and local env file writes. The footprint stays within expected boundaries for a developer tooling helper. No unverifiable binaries or credential forwarding patterns are evident. The main risks are typical for remote provisioning tools: potential accidental exposure of database URLs in shared repos or logs and the reliance on the external service for ephemeral resources. Overall verdict: BENIGN with cautions (suspicious-level risk notes kept moderate due to data exposure potential).