Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

kettle-sql-extractor

v2.1.0

Extracts SQL scripts from Kettle jobs (.kjb/.ktr); supports batch extraction, merging SQL components, and concise output

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (extract Kettle SQL) match the included scripts and docs (merge_kettle_sql.py, batch_extract_kettle_sql.py, kettle_xml_parser.py, shell helpers). Requesting python3 (in metadata) is expected; requiring kettle/pan/kitchen as optional binaries is plausible for Kettle-related workflows.
Instruction Scope
SKILL.md and docs only instruct reading Kettle files, running included Python/shell scripts, producing local reports, and optional local mail/CI integration examples. There are no instructions to read arbitrary unrelated system files or to transmit data to external endpoints.
Install Mechanism
No install spec (instruction-only skill with shipped scripts) — lowest install risk. Scripts are provided in-repo (Python/shell); nothing downloads or extracts remote archives in the manifest.
Credentials
No environment secrets or config paths are required. Metadata asks for any of kettle/pan/kitchen/python3 — python3 is required, while kettle/pan/kitchen are reasonable but not strictly necessary for pure XML extraction (they may be optional for running Kettle jobs). No credentials requested, which is proportionate.
Persistence & Privilege
always:false and no indication the skill modifies other skills or system-wide agent settings. Scripts create and remove local files and directories as expected for a CLI utility; this is normal for the stated functionality.
Assessment
This package appears coherent and focused on extracting SQL from Kettle XML files. Before running: 1) review the provided scripts (especially any shell helpers) in a safe environment; 2) run the tools on non-production copies of your .kjb/.ktr files and keep backups; 3) install Python deps (lxml, beautifulsoup4) in a virtualenv; 4) if you want extra safety, run the tools inside a disposable container/VM and monitor outbound network activity — the repo contains no obvious external endpoints but auditing code is prudent. Note: metadata lists kettle/pan/kitchen as optional binaries; they are plausible for Kettle workflows but not strictly required for pure XML extraction.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

📊 Clawdis
OS: Linux · macOS · Windows
Any bin: kettle, pan, kitchen, python3
