ClawHub
Back to skill
v1.0.0

Drizzle Schema Analyzer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 3:56 AM.

Analysis

This is a read-only Drizzle schema review skill that searches project schema and migration files and reports issues, with no code, install step, credentials, or persistence shown.

GuidanceThis skill appears appropriate for reviewing Drizzle schemas. Use it on the specific project paths you want analyzed, remember that schema and migration files may be read into the agent context, and review any suggested fixes manually before changing your database or migrations.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
find /path/to/src/db/ -name "*.ts" -type f ... grep -rl "pgTable\|mysqlTable\|sqliteTable\|createTable" /path/to/src/db/ --include="*.ts"

The skill documents local shell search commands to discover schema files. This is expected for a schema analyzer and appears read-only, but users should understand it may inspect local project source files.

User impactThe agent may read Drizzle schema and migration files from the paths you provide in order to produce its report.
RecommendationInvoke it only on the intended repository or directory, and avoid pointing it at unrelated private files.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide an upstream source or homepage. This limits provenance review, though the skill is instruction-only and has no installable code in the provided artifacts.

User impactIt is harder to independently verify the origin or maintainer intent, but there is no executable package or dependency shown.
RecommendationReview the visible SKILL.md instructions and registry owner information before installing, especially if provenance matters for your workspace.