Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Neon Postgres

v1.0.0

Guides and best practices for working with Neon Serverless Postgres. Covers getting started, local development with Neon, choosing a connection method, Neon...

by Andre Landgraf (@andrelandgraf)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (Neon Postgres guidance) matches the SKILL.md content: references to Neon docs, CLI usage, SDKs, and patterns. There are no unrelated environment variables, binaries, or config paths declared.
Instruction Scope
SKILL.md instructs the agent to prefer fetching official Neon docs (via direct .md URLs or curl Accept: text/markdown) and to use specific doc pages. It does not instruct reading local files, scanning system config, or accessing unrelated services. Note: it does expect the agent to make outbound HTTP requests to neon.com when invoked.
Install Mechanism
No install spec and no code files — instruction-only skills are lowest-risk from an installation perspective.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md does reference Neon connection methods and CLI commands (which in practice require credentials), but the skill itself does not request or store secrets.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills or system-wide settings.
Assessment
This skill is a documentation/help helper and appears coherent. Before using it, be aware it will fetch pages from neon.com (network access). Do not paste your Neon connection strings, API keys, or other secrets into conversations unless you trust the skill and understand where those secrets will be sent/stored. If you plan to run commands the skill suggests (neonctl, npx, or SDK usage), run them locally in a safe environment and only provide credentials to official Neon tooling or well-reviewed code. If you want an extra safety check, review any fetched doc URLs yourself in a browser rather than letting the agent retrieve them automatically.

Like a lobster shell, security has layers — review code before you run it.
