claimable-postgres
Provisions instant temporary Postgres databases for quick prototyping and development without requiring login or credit card.
Install this skill
or
10/100
Security score
The claimable-postgres skill was audited on May 14, 2026 and we found 26 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 15
Curl to non-GitHub URL
SourceSKILL.md
| 15 | curl -s -X POST "https://pg.new/api/v1/database" \ |
medium line 39
Curl to non-GitHub URL
SourceSKILL.md
| 39 | curl -s -X POST "https://pg.new/api/v1/database" \ |
medium line 69
Curl to non-GitHub URL
SourceSKILL.md
| 69 | curl -s "https://pg.new/api/v1/database/{id}" |
medium line 20
Access to .env file
SourceSKILL.md
| 20 | Parse `connection_string` and `claim_url` from the JSON response. Write `connection_string` to the project's `.env` as `DATABASE_URL`. |
medium line 27
Access to .env file
SourceSKILL.md
| 27 | - **CLI** (`npx get-db@latest --yes`): Provisions and writes `.env` in one command. Convenient when Node.js is available and the user wants a simple setup. |
medium line 88
Access to .env file
SourceSKILL.md
| 88 | Provisions a database and writes the connection string to `.env` in one step. Always use `@latest` and `--yes` (skips interactive prompts that would stall the agent). |
medium line 92
Access to .env file
SourceSKILL.md
| 92 | Check if `DATABASE_URL` (or the chosen key) already exists in the target `.env`. The CLI exits without provisioning if it finds the key. |
medium line 97
Access to .env file
SourceSKILL.md
| 97 | 2. Use `--env` to write to a different file (e.g. `--env .env.local`). |
medium line 107
Access to .env file
SourceSKILL.md
| 107 | | `--env` | `-e` | .env file path | `./.env` | |
medium line 118
Access to .env file
SourceSKILL.md
| 118 | The CLI writes to the target `.env`: |
medium line 152
Access to .env file
SourceSKILL.md
| 152 | 4. **Write .env:** Write `DATABASE_URL=<connection_string>` to the project's `.env` (or the user's preferred file and key). Do not overwrite an existing key without confirmation. |
medium line 162
Access to .env file
SourceSKILL.md
| 162 | 1. **Check .env:** Check the target `.env` for an existing `DATABASE_URL` (or chosen key). If present, do not run. Offer remove, `--env`, or `--key` and get confirmation. |
low line 167
Access to .env file
SourceSKILL.md
| 167 | npx get-db@latest --yes --ref agent-skills --env .env.local --seed ./schema.sql |
medium line 177
Access to .env file
SourceSKILL.md
| 177 | - Where the connection string was written (e.g. `.env`) |
medium line 179
Access to .env file
SourceSKILL.md
| 179 | - The claim URL (from `.env` or API response) |
medium line 187
Access to .env file
SourceSKILL.md
| 187 | - **CLI:** `npx get-db@latest claim` reads the claim URL from `.env` and opens the browser automatically. |
medium line 218
Access to .env file
SourceSKILL.md
| 218 | - After writing credentials to an .env file, check that it's covered by .gitignore. If not, warn the user. Do not modify `.gitignore` without confirmation. |
low line 15
External URL reference
SourceSKILL.md
| 15 | curl -s -X POST "https://pg.new/api/v1/database" \ |
low line 30
External URL reference
SourceSKILL.md
| 30 | - **Browser**: User cannot run CLI or API. Direct to https://pg.new. |
low line 34
External URL reference
SourceSKILL.md
| 34 | **Base URL:** `https://pg.new/api/v1` |
low line 39
External URL reference
SourceSKILL.md
| 39 | curl -s -X POST "https://pg.new/api/v1/database" \ |
low line 59
External URL reference
SourceSKILL.md
| 59 | "claim_url": "https://pg.new/claim/019beb39-...", |
low line 69
External URL reference
SourceSKILL.md
| 69 | curl -s "https://pg.new/api/v1/database/{id}" |
low line 123
External URL reference
SourceSKILL.md
| 123 | PUBLIC_POSTGRES_CLAIM_URL=https://pg.new/claim/... |
low line 143
External URL reference
SourceSKILL.md
| 143 | For Vite projects, `vite-plugin-db` auto-provisions a database on `vite dev` if `DATABASE_URL` is missing. Install with `npm install -D vite-plugin-db`. See the [Claimable Postgres docs](https://neon. |
low line 150
External URL reference
SourceSKILL.md
| 150 | 2. **Provision:** POST to `https://pg.new/api/v1/database` with `{"ref": "agent-skills"}`. |
Scanned on May 14, 2026
View Security DashboardGitHub Stars 37.5K
Rate this skill
Categorydevelopment
UpdatedMay 20, 2026
openclawcursorgithub-copilotcopilotclaude-codewindsurfclineroo-codeampcodexgoosetraeopencodemanusdatabaseapicross-platformdata-engineerbackend-developerdevops-srepostgresqldevelopment
sickn33/antigravity-awesome-skills