CtrlK
BlogDocsLog inGet started
Tessl Logo

postgresql-psql

Comprehensive guide for PostgreSQL psql - the interactive terminal client for PostgreSQL. Use when connecting to PostgreSQL databases, executing queries, managing databases/tables, configuring connection options, formatting output, writing scripts, managing transactions, and using advanced psql features for database administration and development.

71

Quality

71%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

SecuritybySnyk

Risky

Do not use without reviewing

Optimize this skill with Tessl

npx tessl skill review --optimize ./claude/skills/postgresql-psql/SKILL.md
SKILL.md
Quality
Evals
Security

Security

2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 0.90). The prompt contains numerous examples that embed plaintext passwords and connection strings (e.g., postgresql://user:password@..., export PGPASSWORD=..., .pgpass entries, CREATE USER ... WITH PASSWORD '...'), which encourages the agent to output secret values verbatim and thus poses a high exfiltration risk.

Report incorrect finding
Medium

W013: Attempt to modify system services in skill instructions

What this means

The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.

Why it was flagged

Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs changing PostgreSQL server configuration (postgresql.conf) and performing server-side COPY to filesystem paths (and creating superuser database roles), which can modify server/system files and require elevated privileges, so it can alter the machine's state.

Report incorrect finding
Repository
einverne/dotfiles
Commit

b1b2fe0

Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill