Neon Database Complete Documentation
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: lb-neon-skill
Version: 0.1.0

The skill bundle is classified as suspicious because of several risky capabilities, primarily remote code execution and arbitrary content fetching. The `SKILL.md` and `docs/ai/*.md` files instruct the AI agent to execute `npx neonctl@latest init` and `npx add-mcp`, which download and run code from the package registry without version pinning, so whatever is published under that name or tag at run time is what executes; this is a supply chain risk. The `docs/README.md` and other documentation files also make extensive use of an `<ExternalCode>` component that fetches and displays content from arbitrary external URLs (e.g., `https://raw.githubusercontent.com/...`). It is currently used for benign `.mdc` context files, but the fetched text is placed in front of the agent, so a compromised source repository, or a prompt that points the component at a malicious URL, could inject instructions or code that the agent then acts on. These elements demonstrate risky capabilities without clear evidence of intentional malicious behavior in the provided content.
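As an added example (not code from the skill bundle or from the ClawScan report), the following check is what an agent harness could apply to each `<ExternalCode>` target before fetching it. It assumes the `raw.githubusercontent.com` path layout `/<owner>/<repo>/<ref>/<path>` and treats only a full 40-hex commit SHA as an immutable pin: a URL whose ref is a branch name such as `main` re-resolves on every fetch and changes the moment the source repository changes. The allowed host set and the sample URLs are constructed for illustration.

```python
"""Vet <ExternalCode>-style fetch targets before an agent fetches them.

Added example; not part of the lb-neon-skill bundle or the ClawScan report.
Assumes the raw.githubusercontent.com path layout /<owner>/<repo>/<ref>/<path>
and treats only a full 40-hex commit SHA as an immutable pin. The allowed
host set and the sample URLs below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Hosts the harness is willing to fetch context files from (assumption).
ALLOWED_HOSTS = {"raw.githubusercontent.com"}

# /<owner>/<repo>/<ref>/<path...>; a ref such as "main" follows the branch,
# a ref that is a commit SHA always returns the same bytes.
_RAW_PATH = re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/(?P<ref>[^/]+)/(?P<path>.+)$")
_COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def classify_external_url(url: str) -> str:
    """Return 'pinned', 'unpinned' or 'blocked' for one fetch target.

    pinned   -> https, allowed host, ref is a full commit SHA (immutable)
    unpinned -> https, allowed host, ref is a branch or tag name (mutable)
    blocked  -> any other scheme, host or path shape
    """
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc not in ALLOWED_HOSTS:
        return "blocked"
    match = _RAW_PATH.match(parts.path)
    if match is None:
        return "blocked"
    return "pinned" if _COMMIT_SHA.match(match.group("ref")) else "unpinned"


def vet_fetch_list(urls):
    """Group fetch targets by verdict; only 'pinned' ones may be fetched without review."""
    groups = {"pinned": [], "unpinned": [], "blocked": []}
    for url in urls:
        groups[classify_external_url(url)].append(url)
    return groups


if __name__ == "__main__":
    # Constructed sample targets, modelled on the raw.githubusercontent.com
    # pattern the report mentions; owner, repo and paths are placeholders.
    sample = [
        "https://raw.githubusercontent.com/example-org/example-repo/"
        "0123456789abcdef0123456789abcdef01234567/.cursor/rules/neon.mdc",
        "https://raw.githubusercontent.com/example-org/example-repo/main/.cursor/rules/neon.mdc",
        "http://raw.githubusercontent.com/example-org/example-repo/main/.cursor/rules/neon.mdc",
        "https://paste.example/example-org/example-repo/main/neon.mdc",
    ]
    for verdict, urls in vet_fetch_list(sample).items():
        print(f"{verdict:9} {urls}")
```

A pinned SHA only guarantees that the content cannot change after it has been reviewed; it says nothing about whether the content was safe to begin with, so the first fetch of any new target should still be read by a person before the agent is allowed to act on it.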
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may prefer Neon's serverless driver by default when generating database code.
This is directive code-generation guidance that can steer an agent's default implementation choice. It is purpose-aligned with Neon serverless guidance and includes exceptions, but users should know it may bias generated code.
For **Next.js + Vercel + Neon**, ALWAYS: import { neon } from '@neondatabase/serverless';
Confirm the target runtime before applying the recommendation, especially for long-lived Node.js servers, where the document itself lists exceptions.
If run, the command could modify the local development environment and Neon account setup.
This documented setup command can run local package code and change authentication/editor configuration if a user chooses to follow it. The skill does not show automatic execution.
npx neonctl@latest init ... authenticates via OAuth, creates an API key, configures your editor ... and installs agent skills
Do not allow an agent to run setup commands automatically; review the command and approve it only when you intend to configure Neon tooling.
Providing these credentials to an agent or plugin may allow it to access or change Neon project/database resources.
The documentation describes external agents that require Neon credentials or connection details. This is expected for Neon integrations, but those credentials are sensitive.
Both agents require: - **Neon API Key** ... - **Project ID or connection string**
Use least-privilege credentials where possible, keep API keys out of chat logs and repositories, and revoke keys that are no longer needed.
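Keeping keys out of chat logs and repositories is easier to enforce mechanically than by habit. The following is an added example (not code from the skill bundle, the Neon documentation, or the ClawScan report) of a redaction pass that an agent harness could run over every transcript line before it is persisted. It covers the two credential shapes the quoted documentation lists: a Postgres connection string, whose password sits in the userinfo part of the URL, and an API key, which shows up either as a bearer token or in a `NEON_API_KEY` assignment. Every sample value in the block is constructed; none is a real key, host or project.

```python
"""Redact Neon credentials from text before it reaches a chat log or a repo.

Added example; not part of the lb-neon-skill bundle or the ClawScan report.
Covers the two credential shapes the documentation lists: a Postgres
connection string, whose password sits in the userinfo part, and an API key,
which appears either as a bearer token or in a NEON_API_KEY assignment.
All sample values below are constructed; none is a real key or host.
"""
import re

REDACTED = "[REDACTED]"

# postgres:// or postgresql://<user>:<password>@<host>... : keep user, drop password
_CONN_PASSWORD = re.compile(r"(postgres(?:ql)?://[^:/@\s]+:)([^@\s]+)(@)")
# Authorization: Bearer <token>; stop at whitespace or a closing quote
_BEARER = re.compile(r"(Authorization:\s*Bearer\s+)([^\s'\"]+)", re.IGNORECASE)
# NEON_API_KEY=<value>, with or without quotes, as in env files and shell snippets
_ENV_KEY = re.compile(r"(NEON_API_KEY\s*=\s*['\"]?)([^'\"\s]+)")


def redact(text: str) -> str:
    """Replace secret material in one line while keeping enough context to debug."""
    text = _CONN_PASSWORD.sub(lambda m: m.group(1) + REDACTED + m.group(3), text)
    text = _BEARER.sub(lambda m: m.group(1) + REDACTED, text)
    text = _ENV_KEY.sub(lambda m: m.group(1) + REDACTED, text)
    return text


def redact_lines(lines):
    """Redact a transcript; return the cleaned lines and how many were changed."""
    cleaned = [redact(line) for line in lines]
    changed = sum(1 for before, after in zip(lines, cleaned) if before != after)
    return cleaned, changed


if __name__ == "__main__":
    # Constructed transcript fragment: what an agent might echo back after setup.
    transcript = [
        "DATABASE_URL=postgresql://neondb_owner:s3cret-pw@ep-example-123456.us-east-2.aws.neon.tech/neondb?sslmode=require",
        "curl -H 'Authorization: Bearer napi_constructedexamplekey0123' https://console.neon.tech/api/v2/projects",
        "export NEON_API_KEY='napi_constructedexamplekey0123'",
        "SELECT count(*) FROM users;",
    ]
    cleaned, changed = redact_lines(transcript)
    print(f"{changed} of {len(transcript)} lines redacted")
    print("\n".join(cleaned))
```

The connection-string rule deliberately keeps the user and host so a redacted log is still useful for debugging; only the password is removed. Redaction is a second line of defence: a key that has already been pasted into a shared transcript should be treated as exposed and rotated, which is what the revocation advice above is for.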
If configured, an external AI tool could query or mutate live database resources through the MCP integration.
The docs describe an MCP/plugin path where another AI agent can operate against live Neon APIs and databases. This is disclosed and relevant, but it creates a sensitive boundary.
The plugin’s MCP server integration lets Claude interact with Neon’s live API endpoints ... Create or delete branches and databases ... Run SQL queries and migrations
Only configure MCP/plugins from trusted sources, review their permissions, and require confirmation before destructive database actions.
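Both the setup-command recommendation above (do not let an agent run `npx neonctl@latest init` or `npx add-mcp` on its own) and this one (confirm before destructive database actions through MCP) come down to the same control: a gate between what the agent proposes and what actually executes. The following is an added example (not code from the skill bundle, the Neon documentation, or the ClawScan report) of such a gate. For shell commands it flags any `npx` invocation whose package spec is not pinned to an exact version, and any pinned invocation that runs a setup sub-command. For MCP calls it uses a default-deny SQL rule: a statement is allowed without confirmation only when it starts with `SELECT`, `SHOW` or `EXPLAIN` and contains no mutating keyword anywhere, which also catches multi-statement strings and data-modifying CTEs. The MCP tool names, the `sql` argument name and the version numbers are assumptions; a real server defines its own schema.

```python
"""Approval gate for agent-proposed actions: shell commands and MCP tool calls.

Added example; not part of the lb-neon-skill bundle, the Neon docs, or the
ClawScan report. It implements two recommendations from the review: do not
let an agent run setup commands such as `npx neonctl@latest init` on its own,
and require confirmation before destructive database actions reached through
an MCP server. The MCP tool names, the SQL argument name and the example
version numbers are assumptions; a real server defines its own schema.
"""
import re
import shlex

# <pkg>@<major.minor.patch> or @<scope>/<pkg>@<major.minor.patch>; anything
# else ("neonctl@latest", "add-mcp") resolves at run time to whatever is published.
_PINNED_PKG = re.compile(r"^(@[^/@\s]+/)?[^@\s]+@\d+\.\d+\.\d+$")
# Sub-commands that change local auth or editor configuration (from the quoted docs).
_SETUP_VERBS = {"init", "auth", "login"}

# Default-deny for SQL: only these leading verbs count as read-only, and even
# then no mutating keyword may appear anywhere in the statement.
_READ_ONLY_LEAD = re.compile(r"^\s*(select|show|explain)\b", re.IGNORECASE)
_MUTATING_KEYWORD = re.compile(
    r"\b(insert|update|delete|drop|truncate|alter|create|grant|revoke)\b", re.IGNORECASE)
# Hypothetical MCP tool names that touch Neon resources outside SQL.
_MUTATING_TOOLS = {"create_branch", "delete_branch", "create_database",
                   "delete_database", "apply_migration"}


def review_shell(command: str):
    """Return (needs_approval, reason) for a shell command an agent wants to run."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return True, "command could not be parsed"
    if not argv or argv[0] != "npx":
        return False, "not an npx invocation; outside this gate"
    # Drop npx's own flags (-y, --yes, ...) to find the package spec and sub-command.
    words = [w for w in argv[1:] if not w.startswith("-")]
    if not words:
        return True, "npx with no package"
    package, subcommands = words[0], words[1:]
    if not _PINNED_PKG.match(package):
        return True, f"unpinned package spec '{package}' runs whatever is published now"
    if _SETUP_VERBS.intersection(subcommands):
        return True, f"'{package}' setup command changes auth/editor configuration"
    return False, f"pinned package '{package}', non-setup sub-command"


def sql_needs_approval(sql: str) -> bool:
    """True unless every statement is a plain read (SELECT/SHOW/EXPLAIN with no
    mutating keyword). Splitting on ';' is deliberately naive: a ';' inside a
    string literal can only produce extra, more suspicious fragments."""
    statements = [s for s in sql.split(";") if s.strip()]
    for stmt in statements:
        if not _READ_ONLY_LEAD.match(stmt) or _MUTATING_KEYWORD.search(stmt):
            return True
    return False


def review_mcp(tool: str, arguments: dict):
    """Return (needs_approval, reason) for an MCP tool call an agent wants to make."""
    if tool in _MUTATING_TOOLS:
        return True, f"tool '{tool}' creates or deletes Neon resources"
    if tool == "run_sql":
        sql = arguments.get("sql", "")
        if sql_needs_approval(sql):
            return True, "SQL is not provably read-only"
        return False, "read-only SQL"
    return False, f"tool '{tool}' not gated"


if __name__ == "__main__":
    for cmd in ["npx neonctl@latest init", "npx add-mcp",
                "npx neonctl@9.9.9 projects list", "npx neonctl@9.9.9 init"]:
        print(f"shell {cmd!r:40} -> {review_shell(cmd)}")
    for tool, args in [("run_sql", {"sql": "SELECT count(*) FROM users"}),
                       ("run_sql", {"sql": "SELECT 1; DROP TABLE users"}),
                       ("run_sql", {"sql": "WITH d AS (DELETE FROM t RETURNING *) SELECT * FROM d"}),
                       ("delete_branch", {"branch_id": "br-example"})]:
        print(f"mcp   {tool}:{args} -> {review_mcp(tool, args)}")
```

The SQL rule errs toward false positives (a column named `update`, a keyword inside a string literal) because the cost of an unnecessary confirmation prompt is small next to an unreviewed `DROP` on a production branch. Pinning the `npx` version removes the floating-tag risk but not the need to review what the pinned version does the first time it is used.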
Users cannot fully verify from the registry metadata alone that the packaged documentation exactly matches upstream Neon docs.
The registry source is not provided, while SKILL.md claims the contents are extracted from official Neon documentation. This is a provenance gap, though the supplied artifacts show a documentation-only package.
Source: unknown
For sensitive commands, credential setup, or database-mutation workflows, compare against the official Neon documentation before acting.
