Credential Access
High
- Category
- Privilege Escalation
- Content
set -e # 加载环境变量 if [ -f .env ]; then source .env fi- Confidence
- 95% confidence
- Finding
- .env
Security audit
Security checks across malware telemetry and agentic risk
This is a legitimate PostgreSQL administration skill, but it gives an agent broad database credential and raw SQL authority without built-in safety limits.
Install only if you intentionally want an agent to operate PostgreSQL. Use a least-privileged or read-only database user by default, keep .env and ~/.pgpass private, run scripts only from trusted directories, and manually approve any UPDATE, DELETE, DDL, restore, bulk export, or backup-retention action.
set -e
# 加载环境变量
if [ -f .env ]; then
source .env
fi# 加载环境变量
if [ -f .env ]; then
source .env
fi
# 默认值62/62 vendors flagged this skill as clean.
No suspicious patterns detected.