ClawHub

Mysql Skill 1.0.0 (3)

Security checks across malware telemetry and agentic risk

Overview

This MySQL helper is coherent but needs Review because it can guide high-impact database writes, deletes, schema changes, and restores without strong built-in confirmation or rollback safeguards.

Install only if you are comfortable letting an agent help with MySQL operations. Use a read-only or least-privilege database account by default, avoid production write/admin credentials, review the exact SQL before execution, and require explicit confirmation before UPDATE, DELETE, ALTER, DROP, RESTORE, SET GLOBAL, or large data operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation description is broad enough that ordinary mentions of MySQL, databases, queries, schema changes, or backups could invoke the skill without strong scoping or confirmation boundaries. In a skill that can generate and facilitate high-impact database actions, over-broad triggering increases the chance of unintended execution paths, especially when paired with destructive capabilities.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill advertises support for INSERT/UPDATE/DELETE, table management, and backup/restore directly in the top-level description without prominently warning that these operations can be irreversible or service-impacting. Because this is the first activation-facing metadata, missing risk framing can lead users or orchestrators to treat dangerous operations as routine, increasing the likelihood of accidental data loss or destructive changes.

Missing User Warnings

High
Confidence
95% confidence
Finding
The examples include deleting old logs, restoring backups, and altering schema without immediate user-facing warnings, confirmation steps, or rollback guidance. In context, this skill is specifically designed to operate on live MySQL systems, so example-driven behavior can normalize dangerous actions and encourage execution of irreversible changes without sufficient safeguards.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal