dbdoctor-tools
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its DBdoctor purpose, but it can run unrestricted SQL and handles database and platform credentials in ways that need careful review.
Install only if you trust the DBdoctor server and the skill publisher. Before using it, configure least-privilege accounts, protect the local token cache, avoid passing passwords through shell history, and require explicit human review before any execute_sql or manage_instance operation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could run UPDATE, DELETE, DROP, ALTER, or other production-impacting SQL on a target database.
This explicitly exposes arbitrary SQL execution against a database without a technical read-only restriction, so a mistaken or over-autonomous invocation could change or destroy data.
**execute_sql**: Executes arbitrary SQL on the target database. Review all SQL statements before execution. The tool does not enforce read-only restrictions.
Use this only with explicit human approval for each SQL statement, prefer read-only database accounts, and disable or avoid execute_sql unless mutation is truly required.
DBdoctor account sessions could be exposed if the configured endpoint or network is not trusted, or if the local token cache is readable by others.
The login flow sends authentication payloads to the configured DBdoctor URL with TLS certificate verification disabled and then writes the resulting session token to a local cache file.
resp = requests.post(url, json=payload, headers=headers, verify=False, timeout=30) ... f.write(token)
Use a trusted HTTPS DBdoctor endpoint on a trusted network, protect the skill directory and .token_cache file, rotate credentials if exposed, and consider requiring certificate verification.
Supplying database passwords gives the skill and DBdoctor platform enough information to register and access monitored database instances.
The instance registration workflow can collect database connection credentials and modify DBdoctor platform configuration; this is disclosed, but it is sensitive administrative authority.
manage_instance - Manage Database Instance ... --db-password accepts a plaintext password; the program automatically completes RSA encryption internally.
Only use manage_instance with authorized operator approval, avoid placing passwords in shell history, and use least-privilege database accounts where possible.
Future dependency resolution could change behavior or inherit a compromised package version.
The Python dependencies are listed without pinned versions; this is common for small script skills but means installs may resolve to different package versions over time.
requests pycryptodome python-dotenv
Install in an isolated environment and prefer pinned, reviewed dependency versions for production use.
