Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
seekdb
v0.2.0Operate seekdb via CLI commands and look up seekdb documentation. Use when: executing SQL, exploring table schemas, managing vector collections, registering...
⭐ 2· 2.4k·0 current·0 all-time
byoceanbase@davidzhangbj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the instructions: the SKILL.md documents using seekdb-cli, running SQL, inspecting schemas, managing collections, and fetching documentation. However, the docs and examples assume additional local artifacts (a local docs catalog file and skill_dir references) and recommend multiple installation routes (pipx/pip, brew, apt, docker, and a curl | bash install script hosted on an S3 URL). The presence of an S3-hosted install command and local catalog expectations is not strictly required by the stated purpose and is worth questioning.
Instruction Scope
Runtime instructions instruct the agent to auto-discover connection info from environment variables, .env, ~/.seekdb/config.env, or a local DB file (~/.seekdb/seekdb.db) — but the skill metadata declares no required config paths or env vars. references/doc-examples.md explicitly tells the agent to read the SKILL.md to resolve a <skill_dir> and to search a local catalog file (references/seekdb-docs-catalog.jsonl) that is not present in the package. The skill also instructs fetching remote docs (raw.githubusercontent.com), which is expected for documentation but combined with local file reads and credential discovery creates scope creep and possible access to user secrets or local files beyond the skill manifest.
Install Mechanism
There is no formal install spec (instruction-only), which reduces some risk, but the SKILL.md recommends multiple install methods including pipx/pip, brew tap, apt, docker, and a direct curl | sudo bash to an S3 URL (https://obportal.s3.ap-southeast-1.amazonaws.com/...). A curl | bash from an S3 bucket (not an official, well-known release host) is higher risk if followed. The skill references official-looking sources (raw.githubusercontent.com, oceanbase images), but the S3 installer should be treated with caution.
Credentials
Metadata declares no required environment variables or config paths, yet the instructions explicitly tell the agent to read environment variables, .env files, ~/.seekdb/config.env, and a local DB file for auto-discovery of DSNs (which may include credentials). This mismatch means the skill's runtime behavior may access sensitive files/credentials that were not declared in the manifest.
Persistence & Privilege
always:false and no install spec mean the skill does not request forced permanent inclusion or elevated platform privilege. The skill does not request modifying other skills or global agent settings in the provided instructions.
What to consider before installing
This skill appears to do what it says (operate seekdb and fetch docs) but its runtime instructions ask the agent to discover connection info by reading environment files and local config/db files that are not declared in the manifest, and it suggests running a curl|bash installer hosted on an S3 URL. Before installing or using it: (1) don't run curl | sudo bash from unverified S3 URLs — prefer vetted packages or official release pages; (2) confirm whether the agent will have access to ~/.seekdb, .env, or other local files and only allow that in an isolated/test environment; (3) if you must connect to remote databases, avoid storing credentials in global env or allow-read locations and prefer explicit DSNs you control; (4) ask the skill author to declare required config paths/env vars and to remove instructions that implicitly read unspecified user files. If you need help assessing specific commands (e.g., the installer URL), provide them and I can inspect further.Like a lobster shell, security has layers — review code before you run it.
latestvk973yjqwnbzpww6ndzdd36pred838k10
License
MIT-0
Free to use, modify, and redistribute. No attribution required.