ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Postgres Job Queue

v1.0.0

PostgreSQL-based job queue with priority scheduling, batch claiming, and progress tracking. Use when building job queues without external dependencies. Triggers on PostgreSQL job queue, background jobs, task queue, priority queue, SKIP LOCKED.

1· 1.1k·4 current·4 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the content: schema, SKIP LOCKED claiming, Go client examples, stale-recovery and decision guidance. All required pieces are appropriate for a Postgres job queue.
Instruction Scope
SKILL.md contains only schema, SQL functions, and example Go code for claiming/completing/failing jobs and recovering stale jobs. It does not instruct the agent to read unrelated files, exfiltrate data, or call external endpoints.
Install Mechanism
Instruction-only skill with no install spec or code files to download/execute — lowest-risk installation model. README's example 'npx add https://...' is unconventional but not an active installer in the skill package itself.
Credentials
The skill declares no required env vars or credentials, which is reasonable for an instruction-only recipe; however, practical use requires database connection credentials (e.g., a DATABASE_URL) that are not documented here. That omission is a documentation gap rather than a mismatch, but users must supply DB credentials to run the examples.
Persistence & Privilege
Skill is not always-on, does not request system-wide configuration changes, and does not modify other skills or agent settings. It has no special platform privileges.
Assessment
This skill appears coherent and focused: it shows SQL and Go examples for a Postgres-based job queue and does not request secrets or perform network calls. Before using it, however: (1) review and test the SQL locally (claims/updates will modify your DB); (2) ensure you have appropriate Postgres credentials and permissions (the skill doesn't declare them but you'll need them to run the code); (3) verify you have necessary extensions (e.g., gen_random_uuid() requires pgcrypto or an equivalent UUID generator) and that indexes are suitable for your workload; and (4) be cautious running any provided UPDATE queries against production without staging tests. The README's installation examples (e.g., the 'npx add' URL and copy-from-~/.ai-skills instructions) look inconsistent — obtain the skill source from a trusted repository or package before copying/executing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972qe91q9pjxbc0pa5h4mzcps80w489

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments