Sqlformat

Security checks across malware telemetry and agentic risk

Overview

This skill is local and shows no exfiltration, but it advertises SQL formatting and linting while mostly saving raw SQL inputs to plain-text logs.

Review before installing. Treat this as a local SQL activity logger, not a real formatter or validator, unless the publisher fixes the implementation. Do not paste production queries, secrets, customer data, or sensitive schema details; if used, regularly inspect and delete `~/.local/share/sqlformat/` logs and exported files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill is presented primarily as a SQL formatter/linter, but its documented behavior also includes persistent retention, search, export, and activity tracking of all user inputs. That creates a material privacy and data-handling capability beyond what many users would reasonably expect from a formatting utility, especially because SQL often contains schema details, credentials, tokens, literals, or business-sensitive queries.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill’s stated purpose is SQL formatting/linting/conversion, but the implementation only collects and stores arbitrary user input. This mismatch is dangerous because users may paste sensitive SQL queries, credentials, schema details, or production data under the assumption they are being processed locally and ephemerally, when instead they are retained in logs.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Retention, export, search, and activity-reporting features are unrelated to a simple SQL formatting utility and expand the data-exposure surface. In context, these capabilities make it easier to accumulate, retrieve, and exfiltrate sensitive SQL text or embedded secrets that users may submit to the tool.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The help text advertises operational SQL functions, but every command path merely appends the provided input to log files. This deceptive behavior increases the chance that users will trust the tool with sensitive queries or data, creating a confidentiality risk through undisclosed storage rather than performing the promised transformation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states that each command records timestamped entries to log files, but it does not clearly warn that SQL inputs may contain sensitive data such as table names, query literals, API tokens, or embedded credentials. Storing that content in plain text can expose sensitive information to other local users, backups, endpoint tools, or later export operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The export feature allows all stored SQL records to be copied into portable formats like JSON, CSV, or TXT without a warning that this can aggregate and spread previously logged sensitive query contents. This increases the risk of unintentional disclosure because a local log becomes easy to move, share, or ingest into other systems.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
User-supplied input is persistently written to local log files without clear upfront warning in the description or help output. For a SQL-focused tool, this is risky because inputs often contain sensitive database structure, queries, literals, or even secrets, and users are not given informed consent before storage occurs.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persistently logging every SQL input and activity in plain text creates a standing data-retention channel for potentially sensitive content. In the context of a developer tool, users may paste production queries, customer identifiers, secrets, or internal schema details, so broad default logging materially increases exposure even without remote exfiltration.

Ssd 3

Medium
Confidence
95% confidence
Finding
A unified history log that records every command and raw input centralizes all user activity into a single plain-text file, making discovery and bulk disclosure easier. This is especially risky because it aggregates all operations across commands, increasing the blast radius if the file is accessed, backed up, or exported.

VirusTotal

50/50 vendors flagged this skill as clean.
