Postgres Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only PostgreSQL review helper, and the flagged URL appears only in example code rather than hidden data transmission.

Reasonable to install as a PostgreSQL code review reference. Treat all included SQL and Python snippets as examples to adapt carefully in your own code, especially snippets involving account updates, locks, or placeholder credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

External Transmission

Medium

Category: Data Exfiltration
Content: # Holding connection during external API call! async with httpx.AsyncClient() as client: response = await client.get(f"https://api.example.com/users/{user_id}") await conn.execute( "UPDATE users SET api_data = $1 WHERE id = $2",
Confidence: 50% confidence
Finding: https://api.example.com/

External Transmission

Medium

Category: Data Exfiltration
Content: # Connection released during API call async with httpx.AsyncClient() as client: response = await client.get(f"https://api.example.com/users/{user_id}") async with pool.acquire() as conn: await conn.execute(
Confidence: 50% confidence
Finding: https://api.example.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal