pgvector

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent pgvector reference skill, but users should verify the local database target and review any write/delete operations before using it.

This skill appears purpose-aligned and instruction-only. Before installing or using it, change the sample PostgreSQL connection to your own dedicated database/schema and least-privilege user, and approve any CREATE, UPDATE, INSERT, or DELETE operation against real data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the agent could change or delete rows in a PostgreSQL database.

Why it was flagged

The skill documents SQL operations that can modify or delete database rows. These are expected for a database skill, but they should be applied only to the intended database and records.

Skill content

UPDATE documents
SET embedding = '[new_embedding]'
WHERE id = 1;
...
DELETE FROM documents WHERE id = 1;

Recommendation

Confirm the database, schema, table, and row targets before allowing write or delete operations; use backups and transactions for important data.

What this means

The agent may attempt database actions using a local account that could have broader access than intended.

Why it was flagged

The skill gives a specific local PostgreSQL user and empty password as the connection profile. This is coherent for a local example, but it relies on whatever privileges that database account has.

Skill content

psql -h localhost -p 5433 -U damien -d postgres
...
export PGUSER=damien
export PGPASSWORD=''

Recommendation

Use a dedicated least-privilege PostgreSQL user and a dedicated database or schema for vector/RAG data instead of a broad default account.

What this means

Private documents stored for retrieval may persist in the database and later be surfaced to the model as context.

Why it was flagged

The skill is designed to persist document chunks and retrieve them into LLM context. This is expected for RAG, but stored content can include sensitive or untrusted text.

Skill content

Store document chunks with embeddings
...
Retrieve relevant chunks for LLM context
SELECT chunk_text
FROM document_chunks

Recommendation

Avoid storing sensitive material unless needed, define retention rules, and treat retrieved chunks as untrusted context rather than authoritative instructions.