v1.0.0

my skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:16 AM.

Analysis

This skill is purpose-aligned for DMS database administration, but it can perform high-impact database, instance, team, and user changes that should be reviewed carefully before use.

Guidance: Review this skill before installing or using it. It is not clearly malicious, but it can run database administration commands, execute SQL, and change team or user access. Use least-privilege credentials, verify the dms-cli.jar source, and require explicit confirmation before any write, delete, permission, or instance-management action.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
1. **Automatic instance management** - add, delete, and modify database instances ... 2. **Data query** - SQL execution ... 4. **Automatic team configuration management** - team creation, user invitation, instance assignment

The skill grants broad DMS mutation authority, including database instance changes, SQL execution, and team/user administration, without visible guardrails such as explicit confirmation or scoped read-only defaults.

User impact: A mistaken or over-broad agent action could modify or delete database resources, execute damaging SQL, or change user/team access.
Recommendation: Use only with explicit user confirmation for every write, delete, SQL mutation, team/user, or permission-changing action; prefer read-only defaults and least-privilege DMS/database accounts.
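One way to implement the recommended confirmation gate, as an added example that is not part of the skill or of ClawScan: a wrapper that classifies each dms-cli invocation before it reaches `java -jar dms-cli.jar`, lets read-only commands through, and requires an explicit yes for anything else. Only `instance login` and `sql execute --sql ...` appear on this page; the read-only verb allowlist, the `confirm`/`execute` callbacks and the sample argument vectors are assumptions made for illustration, and anything unrecognised is treated as mutating.

```python
import re
import subprocess

# Added example, not the skill's own code. Only `instance login` and `sql execute`
# are documented on the page; every other verb in this allowlist is an assumption.
READ_ONLY_VERBS = {"login", "list", "show", "get", "describe"}
READ_ONLY_SQL = re.compile(r"^\s*(SELECT|SHOW|DESCRIBE|DESC|EXPLAIN)\b", re.IGNORECASE)
# A SELECT that writes files or takes row locks is not read-only; fail closed on it.
SELECT_WRITE_HINTS = re.compile(r"\b(INTO\s+(OUTFILE|DUMPFILE)|FOR\s+UPDATE)\b", re.IGNORECASE)


def sql_argument(argv):
    """Return the value that follows --sql, or '' if there is none."""
    for i, arg in enumerate(argv):
        if arg == "--sql" and i + 1 < len(argv):
            return argv[i + 1]
    return ""


def classify(argv):
    """Classify a dms-cli argument vector (everything after `java -jar dms-cli.jar`)
    as 'read' or 'mutate'. Unknown subcommands and unparseable SQL are 'mutate'."""
    if len(argv) < 2:
        return "mutate"
    if argv[:2] == ["sql", "execute"]:
        statements = [s for s in sql_argument(argv).split(";") if s.strip()]
        if len(statements) != 1:          # empty or multi-statement input
            return "mutate"
        stmt = statements[0]
        if READ_ONLY_SQL.match(stmt) and not SELECT_WRITE_HINTS.search(stmt):
            return "read"
        return "mutate"
    # Non-SQL subcommands look like <noun> <verb> ...; only allowlisted verbs are read-only.
    return "read" if argv[1].lower() in READ_ONLY_VERBS else "mutate"


def guarded_run(argv, confirm, execute):
    """Execute argv directly when it is read-only; otherwise only if confirm(argv)
    returns True. Returns 'executed' or 'blocked'. Both callbacks are injected so
    the gate can be exercised without a real dms-cli.jar."""
    if classify(argv) == "mutate" and not confirm(argv):
        return "blocked"
    execute(argv)
    return "executed"


def run_real_cli(argv):
    """Real executor: hands the vetted argument vector to the CLI."""
    subprocess.run(["java", "-jar", "dms-cli.jar", *argv], check=True)


def ask_user(argv):
    """Interactive confirmation; default answer is no."""
    return input(f"Run mutating command {' '.join(argv)!r}? [y/N] ").strip().lower() == "y"


if __name__ == "__main__":
    # The SHOW DATABASES example from the skill passes without a prompt.
    guarded_run(["sql", "execute", "--instance-id", "10413", "--sql", "SHOW DATABASES"],
                ask_user, run_real_cli)
```

The classifier deliberately refuses multi-statement input and anything it cannot recognise, so a comment-prefixed or CTE-style statement will prompt rather than slip through; a false prompt is cheaper than an unconfirmed `DROP`.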
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
`java -jar dms-cli.jar instance login`

The skill depends on an external Java CLI jar, while the provided artifact set has no install spec or bundled code showing its provenance.

User impact: The safety of the actual executable depends on where the user obtains dms-cli.jar.
Recommendation: Download the CLI only from an official trusted source, verify its checksum or signature if available, and avoid running unknown jar files.
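The checksum check above, turned into a pin that the wrapper enforces every time it launches the jar; this is an added example and not code from the skill. The expected digest would be taken from the official release page or from `sha256sum` on a copy you trust; the digest used here belongs to a constructed sample file, not to any real dms-cli.jar, and the `runner` parameter exists only so the launch path can be exercised offline.

```python
import hashlib
import hmac
import os
import subprocess
import tempfile

# sha256(b"abc"), the digest of the constructed stand-in file below; a real pin
# would be the digest published for the dms-cli.jar release you obtained.
SAMPLE_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large jars do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_jar(path, expected_sha256):
    """True only if the file exists and its SHA-256 equals the pinned digest."""
    if not os.path.isfile(path):
        return False
    return hmac.compare_digest(sha256_file(path), expected_sha256.lower())


def run_pinned_jar(path, expected_sha256, args, runner=subprocess.run):
    """Launch the jar only after the pin check passes; refuse otherwise.
    `runner` defaults to subprocess.run and is injectable for testing."""
    if not verify_jar(path, expected_sha256):
        raise RuntimeError(f"refusing to run {path}: SHA-256 does not match the pinned value")
    return runner(["java", "-jar", path, *args], check=True)


def make_sample_file(content=b"abc"):
    """Write a constructed stand-in for dms-cli.jar and return its path (fixture only)."""
    fd, path = tempfile.mkstemp(suffix=".jar")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    sample = make_sample_file()
    print("pin matches:", verify_jar(sample, SAMPLE_SHA256))
    print("tampered pin matches:", verify_jar(sample, "0" * 64))
```

If the vendor signs the jar, `jarsigner -verify dms-cli.jar` adds a second, independent check; a hash pin still catches a swapped or tampered file when no signature is published.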
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
`java -jar dms-cli.jar sql execute --instance-id 10413 --sql "SHOW DATABASES"`

The skill instructs use of a local Java command-line tool to perform DMS operations. This is central to the stated purpose, but it is still local code execution.

User impact: Running the CLI executes local code and can perform actions against DMS using the provided account or token.
Recommendation: Run the CLI only in a trusted environment and confirm commands before executing write, delete, or permission-changing operations.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Log in with the database account and password; **the user must manually provide the real password** ... `--password <database password>`

The skill expects real database credentials for login. This is purpose-aligned for DMS, but it is sensitive account access.

User impact: Anyone using the skill with powerful database credentials could expose or change data according to that account's privileges.
Recommendation: Provide only least-privilege credentials, avoid sharing passwords in persistent chat history where possible, and rotate credentials if they are exposed.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Returns: {"code":200,"data":"26d4540fe7e01ff1",...}  -- the token is in the data field ... `--instance-token "26d4540fe7e01ff1"`

The workflow obtains and reuses instance tokens for SQL execution. This is expected, but token handling is sensitive.

User impact: If an instance token is copied, logged, or reused incorrectly, it could allow further database operations during its validity period.
Recommendation: Treat instance tokens as secrets, do not paste them into unrelated tools, and log out or revoke sessions after use when supported.
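Both credential findings (the `--password` value and the instance token returned in `data`) end up in the same place in practice: the agent's transcript or command log. As an added example that is not part of the skill, the scrubber below masks those values in an argument vector and in a CLI response before either is written anywhere persistent. The flag names come from the page; the `token` field name and the 16-hex-character fallback pattern are assumptions based on the single response shown.

```python
import json
import re

# Flags whose next argument (or =value suffix) is a secret; both appear in the skill.
SECRET_FLAGS = ("--password", "--instance-token")
# The login response on the page carries the token in "data"; "token" is an assumption.
TOKEN_FIELDS = ("data", "token")
# Fallback for non-JSON output: the one token shown on the page is 16 hex characters.
TOKEN_SHAPE = re.compile(r"\b[0-9a-f]{16}\b")


def redact_argv(argv):
    """Return a copy of argv with secret flag values replaced by '<redacted>'."""
    out = list(argv)
    for i, arg in enumerate(out):
        if arg in SECRET_FLAGS and i + 1 < len(out):
            out[i + 1] = "<redacted>"
            continue
        for flag in SECRET_FLAGS:          # also handle --flag=value
            if arg.startswith(flag + "="):
                out[i] = flag + "=<redacted>"
    return out


def redact_response(text):
    """Mask token-bearing fields in a JSON response; for non-JSON text fall back to
    masking anything that looks like the token format seen on the page."""
    try:
        obj = json.loads(text)
    except ValueError:
        return TOKEN_SHAPE.sub("<redacted>", text)
    if isinstance(obj, dict):
        for key in TOKEN_FIELDS:
            if isinstance(obj.get(key), str):
                obj[key] = "<redacted>"
    return json.dumps(obj, separators=(",", ":"))


def log_line(argv, response):
    """The only string that should reach a persistent log for one CLI call."""
    return f"dms-cli {' '.join(redact_argv(argv))} -> {redact_response(response)}"


if __name__ == "__main__":
    # Constructed sample, shaped like the login step documented in the skill.
    print(log_line(["instance", "login", "--password", "hunter2"],
                   '{"code":200,"data":"26d4540fe7e01ff1"}'))
```

Redact before logging, not after: once a token is in a transcript that another tool or agent can read, rotation is the only remedy the recommendation above leaves you.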