ClawHub

SQL Migration Linter

v1.0.0

Lint .sql migration files for common mistakes — missing IF EXISTS guards, UPDATE/DELETE without WHERE, non-idempotent CREATE, missing transaction wrappers, r...

0· 68·0 current·0 all-time
by@charlie-morrison

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for charlie-morrison/sql-migration-linter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "SQL Migration Linter" (charlie-morrison/sql-migration-linter) from ClawHub.
Skill page: https://clawhub.ai/charlie-morrison/sql-migration-linter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sql-migration-linter

ClawHub CLI

Package manager switcher

npx clawhub@latest install sql-migration-linter
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md commands, and the included Python script align: a local, rule-based linter for .sql migration files. No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
Runtime instructions only tell the agent to run the included Python script against migration files and to output text/json/summary. The script reads migration files and analyzes SQL; there are no instructions to read unrelated system files, call external endpoints, or exfiltrate data.
Install Mechanism
No install spec (instruction-only with an included script). The linter is pure-Python stdlib and runs locally; nothing is downloaded or extracted at install time.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script operates on files provided on the command line and uses no secret-bearing env vars.
Persistence & Privilege
always:false and no self-modifying or system-wide configuration changes in the provided code. The skill does not request persistent presence or elevated privileges.
Assessment
This skill appears to be what it claims: a local SQL migration linter implemented in a single Python script. Before installing/using it, you should: (1) review the full script locally (it reads files and runs regex-based checks but does not perform network calls), (2) run it in a safe/test repo or sandbox to confirm behavior and false positives, (3) note the package provenance — the registry entry has no homepage and the STATUS.md lists a $59 price, so confirm you trust the owner before using it in CI, and (4) treat its findings as advisory because it uses regex splitting (not a full parser) and may miss or misclassify complex SQL.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dwhtyv6b52f1ma4jw4ca11s851wrd
68downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@charlie-morrison
latest
Download

SQL Migration Linter

Rule-based linter for SQL migration files. Catches mistakes that make migrations non-idempotent, destructive, or unsafe under concurrent load. Pure Python stdlib — no dependencies.

Supports dialects: generic, postgres, mysql, sqlite.

Commands

# Lint a single file
python3 scripts/sql_migration_linter.py lint migrations/001_init.sql

# Lint a directory recursively
python3 scripts/sql_migration_linter.py lint migrations/

# Specify dialect (unlocks Postgres-specific rules)
python3 scripts/sql_migration_linter.py lint migrations/ --dialect postgres

# Filter by minimum severity
python3 scripts/sql_migration_linter.py lint migrations/ --min-severity warning

# JSON output for CI
python3 scripts/sql_migration_linter.py lint migrations/ --format json

# Compact summary
python3 scripts/sql_migration_linter.py lint migrations/ --format summary

# List all rules
python3 scripts/sql_migration_linter.py rules

Rules (17 total)

Structure

  • missing-trailing-semicolon (error) — file does not end with ;
  • mixed-indentation (warning) — tabs and spaces mixed in the same line
  • trailing-whitespace (info)
  • keyword-case-inconsistent (info) — same keyword appears in mixed case

DDL safety

  • drop-without-if-exists (warning) — DROP TABLE/INDEX/... without IF EXISTS
  • destructive-drop-table (warning) — DROP TABLE flagged for review
  • create-without-if-not-exists (warning) — CREATE TABLE/INDEX/... without IF NOT EXISTS
  • create-index-locks-table (warning, postgres) — CREATE INDEX without CONCURRENTLY
  • add-column-not-null-no-default (error, postgres) — ADD COLUMN ... NOT NULL without DEFAULT
  • reserved-word-identifier (warning) — identifier matches a SQL reserved word (e.g. user, order)

DML safety

  • update-without-where (error)
  • delete-without-where (error)
  • truncate-is-destructive (warning)
  • select-star (info) — SELECT * in migrations
  • insert-without-conflict-handling (info) — INSERT without ON CONFLICT / ON DUPLICATE KEY

Transactions

  • missing-transaction (warning) — 2+ DDL statements without explicit BEGIN/COMMIT
  • begin-without-commit (error)

Output formats

  • text (default) — grouped by file, line:severity: [rule] message, with totals
  • json — array of {file, line, rule, severity, message} objects
  • summary — counts per severity + top 10 rules by frequency

Exit codes (CI-friendly)

  • 0 — clean (or only info below min-severity)
  • 1 — warnings present, no errors
  • 2 — errors present

Examples

# Pre-commit hook — fail on any warning or error
python3 scripts/sql_migration_linter.py lint migrations/ --min-severity warning

# CI gate — fail only on errors
python3 scripts/sql_migration_linter.py lint migrations/ --min-severity error

# Postgres-specific audit
python3 scripts/sql_migration_linter.py lint migrations/ --dialect postgres --format json > report.json

Why this exists

Migrations that look fine locally fail in production because:

  • They aren't idempotent (re-run fails)
  • They lock large tables (Postgres CREATE INDEX, ADD COLUMN NOT NULL)
  • They mutate every row (UPDATE / DELETE without WHERE)
  • They use reserved words as identifiers and break under different parsers

This linter catches those before the PR gets merged.

Limitations

  • Uses regex + statement splitting; not a full SQL parser
  • No schema knowledge — cannot check FK targets, column types, etc.
  • keyword-case-inconsistent is per-statement, not repo-wide

Comments

Loading comments...