Security audit

Postgres Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local PostgreSQL Docker manager with disclosed database and container-management behavior.

Install only if you want an agent to manage a local Docker PostgreSQL service. Set POSTGRES_PASSWORD before use on shared systems, review database names before dump or drop commands, and stop the container when you no longer need it running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 91%
Finding:
The trigger 'start postgres' begins with a generic built-in verb and can shadow or be confused with the platform's native 'start' behavior. In an agent environment, this can cause the wrong action to fire or route a user request into this skill unexpectedly, which is risky because this skill manages Docker containers and local databases.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 91%
Finding:
The trigger 'stop postgres' has the same shadowing issue: it starts with a generic built-in command and may intercept or be confused with native stop functionality. Because the skill can stop shared infrastructure, accidental invocation could interrupt local development environments or cause denial of service for dependent apps.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.