Complete Neon Serverless Postgres documentation. Covers serverless setup, branching, autoscaling, integrations (Vercel, Drizzle, Prisma), connection pooling, extensions, and best practices.
Security Analysis
high confidenceThis package is an instruction-only documentation skill containing a large dump of Neon database docs — its declared metadata, files, and requirements are coherent with that purpose.
Name/description describe Neon Serverless Postgres docs and the package contains ~546 markdown docs from Neon. There are no unexpected required binaries, env vars, or install steps; the single JS file is a small shared-content helper. The requested footprint matches a documentation-only skill.
SKILL.md and the included documentation are reference material. Many docs include example commands and examples that reference env vars (DATABASE_URL, NEON_API_KEY, OPENAI_API_KEY) and curl/neonctl usage — which is normal for documentation. The SKILL.md includes an explicit Security Notice warning agents not to auto-execute commands, which mitigates accidental autonomous execution. Still, if an agent were to run examples automatically, they could cause side effects — treat the examples as inert unless you explicitly run them.
No install spec; this is instruction-only with files bundled in the skill. Nothing is downloaded or extracted at install time, so install risk is low.
The skill declares no required credentials or config paths (none listed). However, many documentation pages show sample commands that expect API keys or connection strings. Those examples are expected in docs but are not required by the skill itself — do not provide secrets to the skill just because the docs show them.
always is false and disable-model-invocation is false (normal). The skill does not request to persist credentials or edit other skills. Autonomous invocation is allowed by default; this is typical for skills but combine caution with the instruction-scope note above.
Guidance
This skill appears to be a straightforward copy of Neon’s public documentation and is internally consistent. Before installing or enabling autonomous use: 1) Do not allow the agent to auto-execute any example commands — the package itself warns against it. 2) Never paste production secrets (NEON_API_KEY, DATABASE_URL, OPENAI_API_KEY, etc.) into prompts or request the skill to 'use' them without explicit, deliberate action. 3) If you plan to let an agent act autonomously with this skill, restrict it from executing shell commands or network operations unless you explicitly approve each action. 4) Inspect SKILL.md for any invisible/control characters (scan finding) and confirm the source (the homepage/repository listed matches Neon’s public docs). If you need higher assurance, fetch docs directly from the official Neon repo/website and compare hashes.
Latest Release
v0.1.0
- Initial release of Neon Database skill, providing complete serverless Postgres documentation. - Includes 546 markdown files (6.8MB) covering setup, branching, autoscaling, integrations (Vercel, Drizzle, Prisma, Next.js), connection pooling, data import, extensions, and security. - Features step-by-step guides, API/CLI reference, and best practices. - Integrates documentation for authentication providers and AI/ML features (pgvector). - Security notice: command examples require explicit user approval before execution.
More by @leonaaardob
Published by @leonaaardob on ClawHub
