MSSQL

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate SQL Server helper, but it gives an agent broad database execution authority with stored credentials and no built-in guardrails for writes or admin actions.

Install only if you intend to let the agent access this SQL Server. Use a least-privileged account, preferably read-only for reporting, protect the credential file, and manually approve any insert, update, delete, schema, or administrative query before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broadly scoped to nearly any SQL Server data task, including fetching, inserting, updating, managing data, validating reporting numbers, and preparing datasets. That breadth can cause over-invocation of a high-impact capability and may lead an agent to perform destructive or sensitive database operations without sufficiently narrow trigger conditions or explicit safety gating.

Credential Access

High
Category
Privilege Escalation
Content
#!/usr/bin/env bash
set -euo pipefail

ENV_FILE_DEFAULT="${HOME}/.openclaw/credentials/mssql.env"
ENV_FILE="${MSSQL_ENV_FILE:-$ENV_FILE_DEFAULT}"

if [[ -f "$ENV_FILE" ]]; then
Confidence
91% confidence
Finding
.env"

VirusTotal

64/64 vendors flagged this skill as clean.
