Repository: db-mcp
Author: neverinfamous·Source status: Clear source
SQLite MCP Server for Secure Database Administration and Observability with 139 Specialized Tools, Code Mode (90% token savings), Token-Optimized Payloads, 17 Resources, 10 Prompts, Smart Tool Filtering, Dual-Transport…
Score basis:Clear source · Risk needs review · Universal
Trust level
53 · Use caution
Low or incomplete recovered evidence; treat as install-review required.
Risk decision
Review required
metadata-only
Install readiness
script-backed · copy-only command
SkillTrust only shows install guidance and copy actions; it never executes installs.
Before you install
Review source, permissions, and execution risk first, then alternatives. Scores prioritize review; they do not replace manual judgment.
Review weakest dimensions and next actions before copying commands.
Public evidence is limited; avoid installing without extra review.
Audit grade
D · Limited evidence
Execution risk
High
Evidence confidence
69%
SAS-v2.1 radar
SAS-v2.1
Audit grade
D · Limited evidence
Execution risk
High
Top threats
prompt injection, tool poisoning
Control gaps
missing license, broad permissions
Evidence confidence
69%
Repository
neverinfamous/db-mcp
Author
neverinfamous
Community signal
3 stars · 0 forks
Last updated
2026-04-13
Primary source
neverinfamous/db-mcp
Source status
Clear source
Install method
script-backed
Command & code execution
34Focus: Whether it runs commands or scripts
Next action: Manually confirm command-running skills in an isolated directory.
High-risk action confirmation
38Focus: Whether destructive or external actions require confirmation
Next action: Avoid directly installing high-risk skills without confirmation controls.
Secrets, identity & credentials
42Focus: Whether it handles tokens, private keys, or agent identity
Next action: Do not provide long-lived tokens or private keys to source-pending skills.
Supported tools can change install steps; Universal entries need source review.
Explicitly supported
Candidate support (inferred)
Candidate tools are inferred signals, not official compatibility certifications.
git clone https://github.com/neverinfamous/db-mcp.gitmetadata-only
Review source and permissions before copying install commands.
Public evidence is limited; avoid installing without extra review.
Focus: Who published it and whether it is traceable
Next action: Review repository, author, and README first; do not install directly when source is pending.
Focus: Whether install steps can be reviewed
Next action: Prefer candidates with install docs and repository evidence.
Focus: Whether tool descriptions may hide instructions
Next action: Read README, rules, and tool descriptions before install.
Focus: What it can access
Next action: Grant only task-required permissions and prefer Ask/manual confirmation.
Focus: Whether it runs commands or scripts
Next action: Manually confirm command-running skills in an isolated directory.
Focus: Whether file reads/writes can escape scope
Next action: Check working directory and file access scope before running.
Focus: Whether it may send data out
Next action: If unsure, restrict network access or allow only known domains.
Focus: Whether it handles tokens, private keys, or agent identity
Next action: Do not provide long-lived tokens or private keys to source-pending skills.
Focus: Whether external content can steer behavior
Next action: For browser/RAG/rules skills, review permissions and confirmation controls first.
Focus: Whether memory or retrieved context can be poisoned
Next action: Try RAG/memory skills in a low-privilege environment first.
Focus: Whether external tools and MCP access are clearly bounded
Next action: Confirm which external tools it will connect to before install, and start with the smallest possible set.
Focus: Whether destructive or external actions require confirmation
Next action: Avoid directly installing high-risk skills without confirmation controls.
Focus: How far impact can spread when something goes wrong
Next action: If unsure, test in an isolated project first.
Focus: Whether actions can be traced
Next action: Prefer candidates with logs or previews.
Focus: Whether it is maintained and reusable
Next action: Check license and maintenance before organizational use.
Low or incomplete recovered evidence; treat as install-review required.
Phase 1 only shows installation-aware, source-backed signals. SkillTrust does not execute install scripts for users.
Risk factors
metadata-only
Permission hints
repository clone
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: 1Panel
Author: 1Panel-dev · Source status: Clear source
🔥 1Panel is a modern, open-source VPS control panel — and the only one with native AI agent support.
Score basis:Clear source · Risk needs review · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: GitNexus
Author: abhigyanpatwari · Source status: Clear source
GitNexus: The Zero-Server Code Intelligence Engine - GitNexus is a client-side knowledge graph creator that runs entirely in your browser.
Score basis:Clear source · Risk needs review · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: agency-agents
Author: msitarzewski · Source status: Clear source
A complete AI agency at your fingertips - From frontend wizards to Reddit community ninjas, from whimsy injectors to reality checkers.
Score basis:Clear source · Risk needs review · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: lobehub
Author: lobehub · Source status: Clear source
The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you.
Score basis:Clear source · Risk needs review · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: ansible
Author: ansible · Source status: Clear source
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain.
Score basis:Clear source · Risk needs review · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: d1-manager
Author: neverinfamous · Source status: Clear source
Self-hosted web app for Cloudflare D1 with visual schema design, ER diagrams, cascade simulator, circular dependency detection, undo/rollback & time-travel history, FTS5 tools, replication controls, analytics, Drizzle OR
Score basis:Clear source · High risk signals · Universal
Repository: memory-journal-mcp
Author: neverinfamous · Source status: Clear source
Bridge Disconnected AI Sessions with Persistent Project Memory, Dynamic Project Detection, Automatic Session Briefing, Personal & Team Session Summary Prompts, Triple Search, Knowledge Graphs, GitHub Integration (Issues,
Score basis:Clear source · High risk signals · Universal
Repository: sqlite-mcp-server
Author: neverinfamous · Source status: Clear source
⚠️ DEPRECATED: Use https://github.com/neverinfamous/db-mcp instead.
Score basis:Clear source · Risk needs review · Universal
Repository: postgres-mcp
Author: neverinfamous · Source status: Clear source
Secure PostgreSQL Administration & Observability with Code Mode— True V8 Isolate Sandbox Replacing 248 Specialized Tools for up to 90% Token Savings.
Score basis:Clear source · Risk needs review · Universal