Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

my skill

v1.0.0

Provides DMS client data management capabilities, including instance management, SQL queries, ticket creation, team management, and user management. Invoke it when a user asks to add a database instance, query data, submit a ticket, configure a team, or perform similar operations.

0· 72·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and the instructions align: the skill is a DMS client guide for instance management, SQL queries, tickets, teams and users. However, the documentation repeatedly invokes 'java -jar dms-cli.jar' (and therefore implicitly requires Java and the dms-cli.jar binary), yet the skill metadata declares no required binaries or install steps. That omission is inconsistent with the stated capability.
Instruction Scope
SKILL.md instructs running local CLI commands (java -jar dms-cli.jar ...) to log in, obtain instance tokens, and run SQL; it explicitly directs users to provide real database passwords in some flows and to use returned tokens. The instructions do not ask the agent to read unrelated system files, but they do involve handling sensitive credentials and tokens without describing secure handling, storage, or provenance of the dms-cli.jar. The file is truncated in the manifest; full instructions should be reviewed for any additional surprising steps.
Install Mechanism
This is instruction-only with no install spec — lowest installer risk. But because the instructions rely on a specific jar (dms-cli.jar) and Java, the skill should declare those prerequisites or provide a vetted install source. The lack of an install/source for dms-cli.jar means users must obtain and run an executable jar from elsewhere, which is a surface for supply-chain risk.
Credentials
The skill handles highly sensitive inputs (database passwords and instance tokens) and encourages users to provide them for CLI login flows, but the metadata lists no primary credential nor required env vars and gives no guidance about where credentials are entered or stored. That mismatch is concerning: secrets are central to the skill's operation but no credential handling is declared or constrained.
Persistence & Privilege
The skill is not always-enabled and does not request persistent agent privileges or modify other skills. It does not declare autonomous persistent behavior beyond ordinary invocation, so no elevated platform privileges are requested.
What to consider before installing
Before installing or using this skill:
1. Confirm you have Java and a trusted copy of dms-cli.jar from an official source; do not run jars from unknown or unverified origins.
2. Expect the skill to require database credentials and tokens; never paste production passwords into untrusted chat windows or share them broadly. Prefer dbAccountId flows when possible (the doc recommends this).
3. Ask the publisher for the dms-cli.jar source, signature/checksum, and any install instructions; request that required binaries be declared in metadata.
4. Run the CLI in an isolated environment (sandbox or dedicated host) if you must test, and rotate any tokens/passwords used for testing.
5. If you need higher assurance, request source code or a signed release and insist the skill metadata be updated to list Java and the CLI jar as required components.


latest · vk97car7f5sn07h96e2r71b93x183jmz9
