Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
dbdoctor-tools
v1.0.3
DBDoctor database performance diagnosis platform tools. Invoke when the user needs to query database instances, slow SQL, inspection reports, performance metrics...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Benign · medium confidence
Purpose & Capability
The name and description align with the delivered code: the repository contains many scripts that call DBDoctor API endpoints for instance listing, slow-SQL, diagnosis, SQL audit/rewrite, instance management, etc. The required environment variables (DBDOCTOR_URL, DBDOCTOR_USER, DBDOCTOR_PASSWORD) match the described API usage. Minor metadata inconsistencies: the registry summary says "required binaries: none" while SKILL.md lists python and pip under commands; SKILL.md also references pip install -r requirements.txt, but no requirements.txt is present in the file manifest.
Instruction Scope
Runtime instructions stay on-task: they tell the agent to set the DBDoctor URL/user/password and run the included Python scripts. The SKILL.md explicitly forbids calling other interfaces. Important scope-relevant behaviors: two scripts perform write actions (execute_sql executes arbitrary SQL via the API, and manage_instance registers instances and sends DB credentials to the platform). The skill persists an API token in a .token_cache file (documented). You should review common/auth.py and common/client.py (present in the package but truncated in the listing) to confirm they only use the configured DBDOCTOR_URL and do not contact unexpected endpoints.
Install Mechanism
There is no automatic installer; this is instruction-only with Python scripts included. SKILL.md recommends pip install of standard Python packages (requests, pycryptodome, python-dotenv). No remote downloads or archive extraction are specified in the manifest. Note: SKILL.md suggests using a requirements.txt but that file is not in the manifest — you'll need to install dependencies manually or supply the requirements file.
Credentials
The declared environment variables (DBDOCTOR_URL, DBDOCTOR_USER, DBDOCTOR_PASSWORD) are appropriate and necessary for the API client. No unrelated secrets or broad cloud credentials are requested. Be aware that DBDOCTOR_PASSWORD is used to authenticate and that the tool encrypts and caches an API token; avoid supplying credentials with broader privileges than required (e.g., avoid granting an account that can execute destructive SQL unless you intend to allow that).
Persistence & Privilege
The defaults are always:false with autonomous invocation enabled. The skill persists an API session token in a local .token_cache file (documented). More importantly, scripts expose capabilities that can change state: execute_sql can run arbitrary statements and manage_instance will register instances (it RSA-encrypts and transmits DB credentials). Those privileges are consistent with a DB management tool but increase blast radius if the agent runs autonomously — consider restricting autonomous invocation or using least-privilege credentials.
Scan Findings in Context
[base64-block] expected: The pre-scan flagged a base64 pattern. This is expected: the code uses base64 to encode RSA-encrypted database passwords (manage_instance.py) and the auth/token cache may use base64; it does not by itself indicate injection or exfiltration.
Assessment
This package appears to be what it says: a DBDoctor client toolset. Before installing or enabling it for an agent, do the following:
1) Review common/auth.py and common/client.py to confirm all network calls go only to the configured DBDOCTOR_URL and that no hard-coded external endpoints exist.
2) Limit credentials: supply an account with least privilege (read-only) for diagnosis tasks; only provide elevated credentials if you explicitly need execute_sql or manage_instance and trust the server.
3) Be cautious with autonomous execution: the agent can invoke scripts that execute arbitrary SQL or register instances; consider disabling autonomous invocation for this skill or restricting it to interactive approval.
4) Inspect the .token_cache behavior (location and permissions) to ensure cached tokens are stored securely.
5) Note small inconsistencies (missing requirements.txt, slight metadata mismatch).
If you plan to use this in production, run the scripts in a controlled environment and perform a brief code review of the unshown common/*.py files to verify there are no unexpected behaviors.
Runtime requirements
Env: DBDOCTOR_URL, DBDOCTOR_USER, DBDOCTOR_PASSWORD
