seekdb

Security checks across malware telemetry and agentic risk

Overview

This looks like a real seekdb helper, but it can use local database connection settings, run broad database-changing commands, and recommends a privileged remote install script.

Install only if you intend to let the agent operate seekdb. Use an explicit, least-privileged connection, review any write or model-registration command before it runs, avoid passing high-value keys unless necessary, and verify the privileged server install script before using it.

VirusTotal

62/62 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

The agent could connect to and inspect or modify whichever seekdb database is configured in the environment or home directory, including a remote database if credentials are present.

Why it was flagged

The skill can use existing local connection configuration or credentials without the user explicitly selecting a database for each task.

Skill content

seekdb-cli auto-discovers the connection (env var, `.env`, `~/.seekdb/config.env`, or default `~/.seekdb/seekdb.db`). No setup needed — just run commands directly.

Recommendation

Use an explicit DSN, prefer a read-only or least-privileged database user, and require confirmation before using auto-discovered credentials or running write operations.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken or over-broad agent action could add data, change model configuration, or otherwise alter a seekdb deployment.

Why it was flagged

The documented workflows include mutating database/vector collection state and registering model endpoints, but the artifacts do not clearly require user approval or define rollback/scoping controls for these actions.

Skill content

`seekdb add <collection> --data '...'  → add new documents` ... `seekdb ai model endpoint create <ep> <model> --url <url> --access-key <key>`

Recommendation

Treat schema changes, collection writes, model registration, and any non-read-only SQL as approval-required actions; use test databases for exploration.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

If the remote script or download path is compromised or changes unexpectedly, installation could run arbitrary privileged commands on the user's machine.

Why it was flagged

This setup path executes a remotely downloaded script with root privileges and does not provide pinning, checksum verification, or script review instructions.

Skill content

`curl -fsSL https://obportal.s3.ap-southeast-1.amazonaws.com/download-center/opensource/seekdb/seekdb_install.sh | sudo bash`

Recommendation

Prefer signed package-manager installs when possible, inspect the script before running it, and verify checksums or official provenance.

ASI06: Memory and Context Poisoning
Low
What this means

Compromised or misleading remote documentation could influence the agent's answers about seekdb usage.

Why it was flagged

The skill intentionally retrieves external documentation as context, which is purpose-aligned but should be treated as reference material rather than trusted instructions.

Skill content

Fetch documents (remote) ... `https://raw.githubusercontent.com/oceanbase/seekdb-doc/[branch]/en-US/[path]` ... Use content to answer

Recommendation

Use fetched documentation only as source material for answers, and do not treat instructions inside remote docs as authority to change goals, credentials, or system behavior.