Claimable Postgres

Review: Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for creating temporary Neon Postgres databases, but users should notice that it can run latest-version tooling and store generated database access URLs in a project .env file.

This appears reasonable for quick temporary Postgres setup. Before using it, decide whether you want the REST API, CLI, or plugin path; avoid committing generated .env values; avoid putting sensitive data into a throwaway database; and consider pinning or reviewing external packages if using the CLI or Vite plugin.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the CLI method is used, the package version may change over time and can modify the project .env file.

Why it was flagged

The documented CLI workflow executes the latest version of an external package rather than a pinned version. This is central to the skill, but users have less control over exactly what code runs.

Skill content

`npx neon-new@latest --yes` ... `Always use @latest and --yes`

Recommendation

Prefer the REST API path for minimal local execution, or pin/review the CLI package version before use in sensitive projects.

What this means

Anyone who can read the .env value may be able to connect to the temporary database until it expires or is rotated.

Why it was flagged

The generated database connection string is an access-bearing credential for the temporary database. Storing it in .env is expected, but it still needs normal secret-handling care.

Skill content

Write `connection_string` to the project's `.env` as `DATABASE_URL`.

Recommendation

Confirm the target .env file, keep generated URLs out of source control, and only use throwaway or non-sensitive data unless the database has been properly secured.

What this means

A future local dev run could create a new temporary database if the environment variable is absent.

Why it was flagged

Installing the optional plugin can create continuing project behavior that provisions a database later when the dev server starts. The artifact discloses this, and it fits the skill purpose.

Skill content

`vite-plugin-neon-new`: Auto-provisions on `vite dev` if `DATABASE_URL` is missing.

Recommendation

Use the plugin only when this automatic behavior is desired, and remove or disable it after the temporary setup is no longer needed.