Catmcp Data Analysis
v1.0.0提供专业、严谨的多集合数据查询与聚合分析,确保安全、准确、高效的业务数据统计与趋势洞察服务。
⭐ 0· 131·1 current·1 all-time
by深山大柠檬@beelkic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description describe multi-collection data queries and aggregation; the SKILL.md details exactly that work (list/inspect collections, build aggregation pipelines, use domain mappings). No unrelated credentials, binaries, or installs are requested, so the declared purpose aligns with the required surface.
Instruction Scope
Runtime instructions are focused on constructing correct queries, inspecting collection samples, and running aggregation pipelines. The doc explicitly restricts actions (e.g., always inspect before guessing, limit results, avoid printing raw queries), and does not direct the agent to read unrelated files, environment variables, or send data to external endpoints. It does reference internal tool primitives (inspect_collection_sample, execute_aggregate_pipeline, etc.), which is expected for a DB-querying skill.
Install Mechanism
There is no install spec and no code files that would be written or executed on install. This is instruction-only, so no downloads, package installs, or archive extraction occur.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The instructions assume access to internal query tools rather than requiring secrets in-skill, which is proportionate for a query/analysis assistant.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system modifications. Autonomous invocation is allowed (platform default) but that alone is not a problem given the skill's narrow, documented scope.
Assessment
This skill appears coherent and focused on running safe, read-only analysis queries. Before installing, confirm the following with the platform/administrator: (1) what specific 'internal tools' (inspect_collection_sample, execute_aggregate_pipeline, query_whisper, etc.) the agent will be allowed to call and whether those tools enforce least privilege/read-only access; (2) that the skill cannot send query results to external endpoints other than the platform's approved analytics endpoints; (3) auditing/logging of queries is enabled and query limits are enforced (the SKILL.md's limit guidance is advisory only); and (4) whether any sensitive fields (PII) should be masked or redacted by policy. If you need stronger guarantees, require read-only DB roles, explicit whitelist of allowed collections, or an approval step before the skill runs queries against production data.Like a lobster shell, security has layers — review code before you run it.
latestvk97799nhmggm71ytqjp99r4vhd8337x5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.