PostgreSQL Database

Security checks across malware telemetry and agentic risk

Overview

This PostgreSQL skill is legitimate in purpose, but it needs review because it can run powerful database actions, including destructive restore and arbitrary SQL, without built-in confirmation safeguards.

Install only if you intentionally want an agent to operate on PostgreSQL databases. Use a least-privilege database user, avoid production or superuser credentials by default, review every generated SQL statement, and require manual confirmation before write, DROP, DELETE, schema, backup, or restore actions. Test restores in a separate database first because the restore helper uses a cleanup mode that can remove existing objects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger description is broad enough that the skill may activate for many generic database-related requests without confirming that the user intends PostgreSQL operations. Because this skill includes query execution, schema changes, and backup/restore behaviors, accidental activation could lead to unintended access to database metadata or destructive actions.

Missing User Warnings

High
Confidence: 97%
Finding
The skill describes destructive capabilities such as INSERT/UPDATE/DELETE, schema management, and backup/restore without warning users about data loss, service interruption, or irreversible changes. In the context of a live PostgreSQL environment, omission of these warnings increases the chance of unsafe use and socially engineers users into approving risky operations they may not fully understand.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs users to provide database credentials via environment variables but does not warn about secret handling, exposure in logs, inherited process environments, or storage risks. Since PostgreSQL passwords are highly sensitive and this skill may invoke shell tools, poor guidance can lead to credential leakage and subsequent unauthorized database access.

Missing User Warnings

Medium
Confidence: 89%
Finding
The reference includes destructive commands like DROP DATABASE without any caution about irreversible data loss or the need to verify the target environment first. In a skill intended to help execute PostgreSQL operations, this omission increases the chance that an agent or user applies the command in production or against the wrong database.

Missing User Warnings

Medium
Confidence: 90%
Finding
The DROP TABLE example is presented as a normal table operation without warning that it permanently removes the table and its data. Because this skill is for database operations, users may treat examples as ready-to-run guidance, making accidental destructive use more likely.

Missing User Warnings

Medium
Confidence: 86%
Finding
DELETE FROM ... WHERE condition is documented without emphasizing that an incorrect or omitted condition can remove large amounts of user data. In the context of an operational database skill, lack of guardrails around deletion commands can contribute to accidental data loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
The pg_restore command uses the -c cleanup option, which drops database objects before recreating them, but the document does not warn that this can overwrite or destroy existing objects. In a database administration skill, providing this command without caution creates a meaningful risk of accidental overwrite during restore operations.

Missing User Warnings

Medium
Confidence: 96%
Finding
The restore command always invokes pg_restore with --clean, which drops existing objects before restoring and does so without any explicit warning, dry-run mode, or confirmation gate. In an agent skill context, this is more dangerous because an automated or misunderstood request could trigger destructive database changes and irreversible data loss on the target instance.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script executes whatever SQL is supplied via the --query argument, including INSERT, UPDATE, DELETE, DDL, and potentially dangerous administrative statements, with no restriction to read-only operations and no confirmation or warning before committing changes. In an agent skill context, this is more dangerous because natural-language requests can be translated into destructive SQL and run directly against a live database, causing data loss, schema damage, or privilege abuse if the configured account is powerful.

VirusTotal

63/63 vendors flagged this skill as clean.
