Sqlx Code Review
v1.0.0
Reviews sqlx database code for compile-time query checking, connection pool management, migration patterns, and PostgreSQL-specific usage. Use when reviewing...
by Kevin Anderson (@anderskev)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise a sqlx-focused code review and the SKILL.md contains a focused checklist (Cargo.toml, query macros, pool config, migrations, type mapping). There are no unexpected binaries, installs, or unrelated credentials requested.
Instruction Scope
Instructions explicitly tell the reviewer to inspect repository files (Cargo.toml, sqlx.toml, migrations/, .sqlx/sqlx-data.json) and to validate configuration like DATABASE_URL/offline mode. That is within the scope of a code review. One minor ambiguity: the SKILL.md also says to "Load and follow beagle-rust:review-verification-protocol" before reporting, which references an external protocol/artefact but gives no mechanism — this is unclear but not inherently malicious.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install model and appropriate for a checklist/review tool.
Credentials
The skill's metadata declares no environment or credentials, which matches an instruction-only reviewer. However, the instructions reference DATABASE_URL and sqlx offline artifacts (.sqlx, sqlx-data.json). Those items can contain database connection strings (sensitive). Referencing them is proportionate to the review purpose, but it means the agent may look at repo files or environment variables that contain secrets — the user should be aware.
Persistence & Privilege
always is false, no persistent install or modifications are requested, and autonomous invocation is the platform default. Nothing here requests elevated or permanent platform privileges.
Assessment
This skill is an instruction-only sqlx code-review checklist and appears coherent for that purpose. Before enabling it, be aware that a code review necessarily inspects repository files and may check for sqlx config and DATABASE_URL/offline artifacts, which can contain database connection strings or credentials. If you do not want real DB credentials exposed, do not run the review against an environment/repository that contains live secrets — use a scrubbed repo or read-only snapshot. The line about "beagle-rust:review-verification-protocol" is vague; ask the publisher what that protocol is and whether the agent needs to fetch anything external before you run the skill. If you need extra caution, run the review in an isolated environment or remove/obfuscate any DATABASE_URL values prior to invocation.
