40Medium
The skill lacks defined tool constraints and network permissions while accessing sensitive environment variables, creating an unmonitored attack surface that risks unauthorized data exfiltration and system compromise.
Skill Info
Nameneondatabase/agent-skills/claimable-postgres
Registrygithub
Versione09dafdc62a1
PURLpkg:github/neondatabase/agent-skills@e09dafdc62a1?skill=claimable-postgres
Stars71
Installs1,100
Source
Install
This skill has findings worth reviewing before installing.
GitHub
1,100 installs
Skills.shDocs
npx skills add https://github.com/neondatabase/agent-skillsAssessments (3)
AI Agent Traps ↗Access to sensitive environment variables detectedmediumcredential theftAML.T0055AML.T0037LLM02:2025
Access to sensitive environment variables detected
100% confidenceline 161
$DATABASE_URL
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Missing or insufficient descriptioninfopolicy violation
Skill description is empty or too short. A clear description helps users evaluate the skill's purpose.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/neondatabase/agent-skills/claimable-postgres)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/neondatabase/agent-skills/claimable-postgres"><img src="https://mondoo.com/ai-agent-security/api/badge/github/neondatabase/agent-skills/claimable-postgres.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/neondatabase/agent-skills/claimable-postgres.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow