Skill v1.0.1

ClawScan security

Zero TiDB(Deprecated) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 4:41 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated goal (creating ephemeral TiDB Cloud Zero instances), but there are provenance and metadata inconsistencies and the SKILL.md relies on external tools (curl, jq, mysql, Node) that the skill metadata does not declare — users should review before installing or allowing autonomous runs.
Guidance
What to check before installing:
- Provenance: The skill's source/homepage is unknown and the skill name includes "(Deprecated)" — verify who published it and whether this is an official TiDB/PingCAP offering before trusting it.
- Runtime dependencies: SKILL.md examples use curl, jq, the mysql CLI and Node's mysql2, but the skill metadata lists no required binaries. Ensure those tools are available in the agent environment or the instructions will fail. Consider asking the publisher to list explicit runtime dependencies.
- API safety: The guide implies provisioning via POST to https://zero.tidbapi.com without any auth. Confirm the API's access controls and rate limits with the provider — unauthenticated provisioning can be abused and may expose you to unexpected costs or resource creation.
- Secrets handling: The API returns DB credentials; the skill explicitly tells the agent to write them to a local file. Ensure the agent environment is sandboxed, that files are stored securely, and that the agent is not allowed to exfiltrate files to untrusted endpoints.
- Test manually first: Run the documented curl commands yourself from a controlled environment to confirm behavior and inspect the response shape and expiration policy.
If you cannot verify the publisher or the API behavior, or you do not want the agent to make external network calls, do not install or do not grant network access/autonomous invocation. If you proceed, ask the skill author to correct metadata (declare required binaries) and provide an official documentation link or contact.

Review Dimensions

Purpose & Capability
ok
The name and description (ephemeral TiDB Cloud Zero DBs) align with the SKILL.md instructions: call an API endpoint to provision an instance and then connect with a MySQL-compatible client. The actions described (POST to an API, read returned connection string, run SQL) are coherent for this purpose.
Instruction Scope
note
Instructions stay within the stated purpose (provision, connect, optionally bootstrap demo data). They instruct saving credentials to a local file and show CLI/Node examples. There is no instruction to read unrelated user files or other system secrets, but the guide tells the agent to persist sensitive credentials locally — this increases risk if the agent environment has network or exfiltration capabilities. The SKILL.md uses external commands/tools (curl, jq, mysql, Node "mysql2") which are required at runtime but are not declared in the skill metadata.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files, so nothing is written to disk by the installer. This is the lowest-risk installation surface.
Credentials
concern
The skill declares no required env vars or credentials, which is plausible if the API is unauthenticated, but the runtime instructions rely on external tooling (curl, jq, mysql client, Node library). The metadata omission of these runtime dependencies is an inconsistency. The SKILL.md also instructs storing the returned database credentials in a local file — that is appropriate but raises the need to protect those secrets and to ensure the agent execution environment is trustworthy.
Persistence & Privilege
ok
The skill does not request persistent or always-on presence; default autonomous invocation is allowed (normal). There is no install script or configuration changes described that modify other skills or global agent settings.