Skill Detail

Supabase Postgres Best Practices

This skill provides a performance optimization guide for Postgres, maintained by Supabase.

GitHub:sickn33/antigravity-awesome-skills postgres-best-practices
version 18979db64480
static analysis only
no human review yet
Use Caution

Current public label

Use Caution

Because the skill's documentation mentions credentials and external URLs, it is labeled "use_caution". This means you should review the skill's behavior carefully before use.

This label is currently coming from the automated scorecard.

Automated result

Use Caution

Driftloom found the skill's documentation references credentials and external URLs. The skill's behavior may depend on these external resources.

6 low Final label: use caution.

Human review

No human review has been recorded yet.

The current public label is still relying on automation. A human has not weighed in yet.

What happened

Driftloom completed a static scan. It inspected the skill files, recorded findings, and generated a scorecard.

Runtime evidence

No sandbox runtime result has been recorded yet.

What did not happen

  • Driftloom did not run this skill in an isolated sandbox yet.
  • This label is not a guarantee that the skill is safe, bug-free, or appropriate for every environment.
  • A good score does not replace human judgment when a skill touches secrets, shell access, or external systems.

Source provenance

Source: Workspace import

Originally ingested from a local workspace copy.

Scorecard

Safety
82
Quality
100
Transparency
82
Operational
92
Maintenance
82

6 low Final label: use caution.

Severity mix: 6 low

What Driftloom checked

  • Read the skill files and metadata to understand what the skill claims to do.
  • Looked for shell commands and risky command patterns, even if none stood out strongly.
  • Looked for external URLs, network calls, and signs the skill reaches outside the machine.
  • Looked for secret, token, password, and credential references.
  • Checked whether the skill structure and references looked internally consistent.

Findings

Secret or credential reference detected
secret.reference · safety
Low

The docs mention credentials or secrets. That may be normal, but it still tells you the skill expects sensitive material somewhere in the workflow.

File: AGENTS.md
Evidence: token
Secret or credential reference detected
secret.reference · safety
Low

The docs mention credentials or secrets. That may be normal, but it still tells you the skill expects sensitive material somewhere in the workflow.

File: rules/query-index-types.md
Evidence: token
Secret or credential reference detected
secret.reference · safety
Low

The docs mention credentials or secrets. That may be normal, but it still tells you the skill expects sensitive material somewhere in the workflow.

File: rules/security-privileges.md
Evidence: password
Explicit external endpoint reference detected
network.url_reference · transparency
Low

The docs reference an external endpoint or network flow in a context that likely matters to how the skill operates.

File: AGENTS.md
Evidence: https://www.postgresql.org/docs/current/runtime-config-client.html#GUC-IDLE-IN-TRANSACTION-SESSION-TIMEOUT
Explicit external endpoint reference detected
network.url_reference · transparency
Low

The source references an external URL in a context that looks behaviorally relevant, not just decorative documentation.

File: metadata.json
Evidence: https://www.postgresql.org/docs/current/
Explicit external endpoint reference detected
network.url_reference · transparency
Low

The docs reference an external endpoint or network flow in a context that likely matters to how the skill operates.

File: rules/conn-idle-timeout.md
Evidence: https://www.postgresql.org/docs/current/runtime-config-client.html#GUC-IDLE-IN-TRANSACTION-SESSION-TIMEOUT
Driftloom is following the boring, correct architecture: Django control plane first, isolated runner later. Miraculously, restraint survives.