turso-db
Audited by Socket on Feb 28, 2026
1 alert found:
Malware
This SKILL.md is primarily documentation for the Turso database and does not itself contain executable code beyond install instructions. No hardcoded secrets or obfuscated payloads were found. However, there are several supply-chain and data-exposure risks to note: (1) the recommended curl | sh installer is a download-and-execute pattern that materially increases supply-chain risk even when sourcing from a GitHub releases URL; (2) the MCP server mode exposes a database to networked agents which can leak or modify data if not tightly secured; and (3) remote sync features imply uploading DB contents to remote services (Turso Cloud) and could exfiltrate sensitive data if misconfigured or if encryption is not enabled. Overall, the documentation describes powerful capabilities that are legitimate for a DB product, but operations that enable remote access or execute remote installers are high-risk actions and should be treated with caution. Users should avoid curl | sh installers unless they verify and pin release artifacts, ensure MCP and sync modes are authenticated and encrypted, and enable experimental encryption deliberately after reviewing its maturity.