claimable-postgres
Provisions instant temporary Postgres databases for quick prototyping and development without the need for an account.
Install this skill
or
43/100
Security score
The claimable-postgres skill was audited on Mar 8, 2026 and we found 17 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 18
Curl to non-GitHub URL
SourceSKILL.md
| 18 | curl -s -X POST "https://pg.new/api/v1/database" \ |
medium line 42
Curl to non-GitHub URL
SourceSKILL.md
| 42 | curl -s -X POST "https://pg.new/api/v1/database" \ |
medium line 72
Curl to non-GitHub URL
SourceSKILL.md
| 72 | curl -s "https://pg.new/api/v1/database/{id}" |
medium line 23
Access to .env file
SourceSKILL.md
| 23 | Parse `connection_string` and `claim_url` from the JSON response. Write `connection_string` to the project's `.env` as `DATABASE_URL`. |
medium line 30
Access to .env file
SourceSKILL.md
| 30 | - **CLI** (`npx get-db@latest --yes`): Provisions and writes `.env` in one command. Convenient when Node.js is available and the user wants a simple setup. |
medium line 91
Access to .env file
SourceSKILL.md
| 91 | Provisions a database and writes the connection string to `.env` in one step. Always use `@latest` and `--yes` (skips interactive prompts that would stall the agent). |
medium line 95
Access to .env file
SourceSKILL.md
| 95 | Check if `DATABASE_URL` (or the chosen key) already exists in the target `.env`. The CLI exits without provisioning if it finds the key. |
medium line 100
Access to .env file
SourceSKILL.md
| 100 | 2. Use `--env` to write to a different file (e.g. `--env .env.local`). |
medium line 110
Access to .env file
SourceSKILL.md
| 110 | | `--env` | `-e` | .env file path | `./.env` | |
medium line 121
Access to .env file
SourceSKILL.md
| 121 | The CLI writes to the target `.env`: |
low line 18
External URL reference
SourceSKILL.md
| 18 | curl -s -X POST "https://pg.new/api/v1/database" \ |
low line 33
External URL reference
SourceSKILL.md
| 33 | - **Browser**: User cannot run CLI or API. Direct to https://pg.new. |
low line 37
External URL reference
SourceSKILL.md
| 37 | **Base URL:** `https://pg.new/api/v1` |
low line 42
External URL reference
SourceSKILL.md
| 42 | curl -s -X POST "https://pg.new/api/v1/database" \ |
low line 62
External URL reference
SourceSKILL.md
| 62 | "claim_url": "https://pg.new/claim/019beb39-...", |
low line 72
External URL reference
SourceSKILL.md
| 72 | curl -s "https://pg.new/api/v1/database/{id}" |
low line 126
External URL reference
SourceSKILL.md
| 126 | PUBLIC_POSTGRES_CLAIM_URL=https://pg.new/claim/... |
Scanned on Mar 8, 2026
View Security Dashboard