PostgreSQL MCP Server

SUSPICIOUS: the PostgreSQL access purpose is coherent, but the install and trust model are not fully aligned with the claimed source. The main risk is transitive installation of a third-party-hosted skill through `npx skills add`, which gives externally supplied instructions the agent's permissions without clear same-org provenance. No direct credential theft or overt malicious behavior is shown, so this is better classified as medium/high security risk rather than confirmed malware.