MySQL Database CLI Skill
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent MySQL helper, but it gives the agent broad database mutation and batch-SQL authority without clear approval or scoping safeguards in the supplied artifacts.
Install or use this only if you are comfortable letting the agent run mysql commands against your database. Prefer read-only credentials, never use production admin/root credentials unless absolutely necessary, and require explicit confirmation before any insert, update, delete, schema change, import/export, or batch SQL script.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong database or with a privileged account, the agent could modify, delete, import, export, or batch-change important production data.
The skill explicitly covers raw SQL mutation, batch execution, table/database management, and production debugging. These are high-impact database actions, and the supplied visible artifacts do not provide clear approval or scoping controls before such operations.
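Run SELECT queries, INSERT/UPDATE/DELETE to add, modify and delete data, batch SQL execution, transaction control, database/table management...production environment debugging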
Use a dedicated least-privilege database user, default to read-only SELECT access, require explicit user confirmation for INSERT/UPDATE/DELETE/DDL/import/export/batch scripts, and verify backups or rollback plans before production changes.
Supplying admin, root, or broad database credentials could let the agent perform changes beyond the immediate task.
The skill expects database credentials and shows privileged-looking accounts. Credential use is purpose-aligned for MySQL access, but it gives the agent whatever database privileges those credentials have.
MYSQL_PWD=password mysql -h 192.168.1.100 -P 3306 -u admin --database mydb
Provide only task-specific, least-privilege credentials; avoid root/admin accounts for routine use; and separate read-only credentials from accounts allowed to mutate schema or data.
The skill may fail or behave differently depending on the user's locally installed mysql, jq, sed, and shell environment.
The skill relies on local command-line tools, while the provided registry requirements declare no required binaries. This is an install/disclosure gap rather than evidence of malicious behavior.
Use the `mysql` CLI... and pipe the result to `jq`
Document required binaries and supported shells/operating systems in metadata, and ask users to verify trusted local installations before use.
