Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hybrid DB Health

v1.0.0

Validate and troubleshoot the hybrid database system used by OpenClaw agents (Pulse task DB + RAG Pinecone stack). Use when asked to check setup, connection...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

  • VirusTotal: Suspicious
  • OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The skill is described as a hybrid DB health checker and the bundled script performs the expected checks (Pulse sync script and a Pinecone/Query check). However the script uses a hard-coded workspace path (/home/Mike/.openclaw/workspace) and the registry metadata declares no required config paths, which is inconsistent and suggests the package was packaged for a specific user rather than being generally portable.
[!] Instruction Scope
SKILL.md and the script instruct running local Python programs (openclaw_sync.py and query.py) and reading a .env file. Those runtime actions are within the stated purpose (connectivity and live query tests) but they also run arbitrary local code and surface command output. The instructions do not warn that the invoked Python scripts may execute network I/O or print sensitive values, and they reference absolute user-specific paths rather than a configurable workspace path.
Install Mechanism
This is an instruction-only skill with no install spec and no external downloads. The only code shipped is a small shell script. There is low install-supply-chain risk from this package itself.
[!] Credentials
The manifest declares no required environment variables or config paths, but the script explicitly reads OPENAI_API_KEY and PINECONE_API_KEY from a .env file and may activate a venv and run query.py. That means the skill will access local credentials without declaring them, and running the referenced Python code could use those keys to contact external services — a credential exposure risk if you haven't reviewed the invoked Python code.
Persistence & Privilege
The skill does not request persistent presence (always=false) and does not modify system or other-skill configurations. It only runs checks and prints results, so requested privileges are minimal.
What to consider before installing
This skill appears to do what it says (check Pulse and Pinecone connectivity) but exercise caution before running it as-is. Specific actions to consider:

  • Inspect the included script and, critically, the local Python files it will invoke (openclaw_sync.py and query.py) before running them — they may perform network requests or log secrets.
  • Note the script hard-codes /home/Mike/.openclaw/workspace; update the path to your own workspace or run it from a controlled environment so it doesn't accidentally read another user's files.
  • The script reads OPENAI_API_KEY and PINECONE_API_KEY from a .env file even though the skill declared no credential requirements; treat those keys as sensitive and avoid running live checks unless you trust the Python code and the environment (or run inside an isolated sandbox).
  • If you only need a non-executing check, use the manual grep steps to verify presence of keys, or run the script after editing it to disable the live python query.

If you cannot review the invoked Python code, run these checks in a sandboxed container or reject installation.


SKILL.md

Hybrid DB Health

Run a quick, reliable health check for the two database surfaces in this workspace:

  1. Pulse operational DB/sync layer in agents/pulse
  2. RAG Pinecone layer in rag-pinecone-starter

When combined with shared-pinecone-rag, position the pair as a Persistent Memory skill stack (retrieval + health assurance).

Runbook

  1. Run the bundled script:
bash scripts/check_hybrid_db.sh
  2. Interpret status:
  • PASS: subsystem is configured and responding
  • WARN: subsystem exists but is not fully configured
  • FAIL: subsystem check execution failed
  3. Report to user in plain language:
  • Pulse DB status
  • RAG DB status
  • Exact next fix steps if WARN/FAIL

Manual checks (if script unavailable)

Pulse DB

cd /home/Mike/.openclaw/workspace/agents/pulse
python3 openclaw_sync.py --check

Expected: Database connection OK

RAG Pinecone

cd /home/Mike/.openclaw/workspace/rag-pinecone-starter
[ -f .env ] && grep -E '^(OPENAI_API_KEY|PINECONE_API_KEY)=' .env

If either key is blank, report as not connected yet.
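
The grep above prints the full key values to the terminal, where they can end up in agent transcripts or logs. The following is an added example, not part of the skill's own script: it reports each key as set, blank or missing without echoing the value. The function names and the OPENCLAW_WORKSPACE variable are hypothetical, and the sample .env is constructed.

```shell
#!/bin/sh
# Added example: presence check for the two keys that never prints their values.

# key_state FILE KEY -> prints "set", "blank" or "missing"
key_state() {
    file=$1
    key=$2
    # Use the last assignment, which is the one that wins when the file is sourced.
    line=$(grep -E "^${key}=" "$file" 2>/dev/null | tail -n 1)
    if [ -z "$line" ]; then
        echo missing
        return
    fi
    value=${line#*=}
    # Drop quotes and whitespace so KEY="" and KEY=' ' count as blank.
    value=$(printf '%s' "$value" | tr -d "\"' \t\r")
    if [ -z "$value" ]; then echo blank; else echo set; fi
}

# rag_env_report FILE -> one "KEY: state" line per key; returns 0 only if both are set
rag_env_report() {
    rc=0
    for key in OPENAI_API_KEY PINECONE_API_KEY; do
        state=$(key_state "$1" "$key")
        echo "$key: $state"
        [ "$state" = set ] || rc=1
    done
    return $rc
}

# Constructed sample .env with placeholder values (not real keys).
sample=$(mktemp)
printf '%s\n' 'OPENAI_API_KEY=sk-constructed-placeholder' 'PINECONE_API_KEY=""' > "$sample"
rag_env_report "$sample" || echo "RAG Pinecone: WARN (not connected yet)"
rm -f "$sample"

# Against a real workspace (OPENCLAW_WORKSPACE is an assumed, user-set variable):
#   rag_env_report "$OPENCLAW_WORKSPACE/rag-pinecone-starter/.env"
```
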

Optional live connectivity test (requires keys + deps):

source .venv/bin/activate
python query.py "connectivity test"

Output format

Return concise status like:

  • Pulse DB: PASS/FAIL
  • RAG Pinecone: PASS/WARN/FAIL
  • Next steps: bullets
