SQL Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI SQL helper, but users should know that AI commands send prompts and selected SQL files to EvoLink's API.

Install only if you are allowed to send SQL text, schema details, query literals, and migration descriptions to EvoLink's API. Avoid using AI commands on production secrets or sensitive customer data unless your organization approves that external processing; local cheatsheet and database-list commands do not upload data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill declares no explicit permissions, but its documented behavior requires access to environment variables, reading user-specified files, creating temporary files, and invoking shell tools like python3 and curl. This mismatch can mislead users and any permission-gating system about the skill's actual capabilities, reducing transparency and weakening least-privilege controls.

Missing User Warnings

Medium
Confidence: 95%
Finding
The explain command reads a local SQL file and sends its contents to the external EvoLink API for analysis. SQL files often contain schema details, table names, business logic, and sometimes embedded secrets or sensitive query text; the script does not provide a clear explicit warning, consent gate, or redaction step before exfiltrating that data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The optimize command uploads the contents of the provided SQL file to an external AI service without a clear user-facing warning at the point of use. Optimization inputs may include proprietary queries, schema structure, and operational details that could disclose sensitive internal architecture or data handling patterns.

Missing User Warnings

Medium
Confidence: 97%
Finding
The review command is especially sensitive because it sends SQL submitted for security review to an external API, which may include vulnerable code, credentials in literals, PII-related queries, or privileged administrative statements. That creates a confidentiality risk and is more dangerous in this skill context because users may specifically feed sensitive production SQL into the security-review workflow.

Missing User Warnings

Medium
Confidence: 96%
Finding
The explain command reads a local SQL file and sends its contents to the external EvoLink API for analysis, but the script does not present an explicit warning or consent checkpoint at the point of transmission. SQL files often contain proprietary schema details, embedded literals, tenant identifiers, or even credentials/tokens in ad hoc scripts, so silent off-host transmission can cause confidentiality and compliance issues.

Missing User Warnings

Medium
Confidence: 97%
Finding
The optimize command uploads the contents of a local SQL file to a remote AI service without a clear, contextual warning to the user. Optimization requests commonly include full production queries, table names, and business logic, which may expose sensitive internal structure or data when transmitted externally.

Missing User Warnings

Medium
Confidence: 98%
Finding
The review command sends SQL intended for security analysis to an external provider without an explicit disclosure at execution time. Security review inputs are especially sensitive because they may include attack surfaces, privileged operations, schema weaknesses, or embedded secrets, increasing the risk of confidentiality loss if shared externally.

Ssd 3

Medium
Confidence: 94%
Finding
User-supplied descriptions and SQL content are forwarded largely verbatim to the external AI service across multiple commands. This can leak sensitive schema names, migration plans, incident details, or confidential business context, and the broad forwarding behavior increases the chance of accidental disclosure beyond just file-based inputs.

VirusTotal

67/67 vendors flagged this skill as clean.
