PostgreSQL Skill - 高级数据库管理
v1.0.0PostgreSQL 数据库管理技能。通过自然语言查询、管理 PostgreSQL 数据库,支持复杂查询、性能分析、JSON 操作、全文搜索等高级功能。当用户提到 PostgreSQL、Postgres、复杂查询、性能优化时使用此技能。
⭐ 0· 235·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the content: SKILL.md provides SQL examples, backup/restore advice, performance queries, JSON/FTS guidance. package.json declares required PostgreSQL client binaries (psql, pg_dump, pg_restore) and an install block to install them — which is coherent for a Postgres management skill. Note: the registry metadata provided with the skill reported 'no required binaries' and 'no homepage', but package.json includes both requires/install and a homepage/repository; this is an inconsistency in metadata but not a functional mismatch with the skill's purpose.
Instruction Scope
SKILL.md is focused on database tasks: installing a client, configuring connection vars, SQL examples, EXPLAIN usage, backups. It does instruct setting environment variables (PGHOST/PGPORT/PGUSER/PGPASSWORD/PGDATABASE) and to run system install commands (apt / brew). It does not instruct the agent to read unrelated files or exfiltrate data to external endpoints. (Minor accuracy note: some SQL examples use QUALIFY which is not standard PostgreSQL syntax — a correctness issue, not a security one.)
Install Mechanism
There is no executable code bundled, but package.json includes an openclaw.install section that runs standard system package installs (apt, brew) for the PostgreSQL client. These are standard package manager commands from known package sources — no arbitrary download URLs or archive extraction are used. Installing with apt may require sudo; user permission/privilege is expected for system package installs.
Credentials
The skill legitimately requires database connection information (PGHOST/PGPORT/PGUSER/PGPASSWORD/PGDATABASE) to operate. However, the registry metadata does not declare required env vars or a primary credential while the SKILL.md explicitly instructs exporting PGPASSWORD and other PG_* vars. This mismatch is a metadata omission — functionally the env vars are proportional but the skill asks users to place sensitive credentials in environment variables (PGPASSWORD), which has security implications (exposure in process listings/shell history).
Persistence & Privilege
The skill is instruction-only and does not request persistent presence, special system config paths, or always:true. It does include optional system install commands for a client tool, which is normal and limited in scope.
Assessment
This skill appears to do what it says: it provides Postgres queries, backup/restore commands, and recommends installing standard Postgres client tools. Before installing or using it, consider: 1) Verify the skill source (package.json points to a GitHub repo and homepage URL — check those links and the repo contents). 2) Prefer not to export PGPASSWORD in long-lived shells; use .pgpass, a connection URI stored securely, or a secrets manager and use least-privilege DB users (read-only for analysis). 3) Installing the client uses sudo/apt or brew — only run these on machines you control. 4) Test generated queries on a non-production database first (especially destructive commands). 5) Note the metadata mismatch: required env vars are described in SKILL.md but not declared in registry metadata — expect the agent to need DB credentials to operate. If you are comfortable with those precautions, the skill is coherent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk972pqzm0nhem7eepfjzf6vjh983ekyb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.