v1.0.1

Provide database DDL content and generate SQL from natural language

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:22 AM.

Analysis

This is a simple instruction-only SQL SELECT generator; the main thing to notice is that it may call a disclosed external schema API before drafting SQL.

Guidance: Before installing, confirm you are comfortable with the external schema API behavior and review any generated SQL before running it. The artifacts show no code execution, credential use, persistence, or database mutation authority.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
Full address: `https://open268v.cheyipai.com/img/c/{产品名称}.html` ... Request the API to get the table structure

The skill instructs the agent to construct and request an external URL using a product name from the user request. This is disclosed and central to the SQL-generation workflow, but users should know that a network request may occur.

User impact: The quoted product name may be sent to the listed external domain, and generated SQL may depend on data returned by that API.

Recommendation: Use the skill only with a schema API you trust, and verify that the product name and endpoint are appropriate before relying on the generated SQL.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: Medium; Status: Note
README.md
"tableName": "表名" ... "columns": [ ... "columnComment": "字段注释" ]

The skill expects schema data and comments from an HTTP API to guide SQL generation. If that returned schema content is inaccurate or untrusted, it could influence the generated query.

User impact: A bad or manipulated schema response could lead to incorrect or misleading SQL, though the artifacts do not show persistence or credential handling.

Recommendation: Treat remote schema content as untrusted input and review generated SQL before executing it against any database.