ClawHub

SQL文件拆分工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SQL splitting and conversion utility with disclosed file-writing behavior, but users should treat its generated SQL and in-place troubleshooting commands carefully.

Install only if you are comfortable with a local tool that reads SQL files and writes generated split or converted SQL files. Run it on backups or disposable copies first, review generated merge/conversion output before applying it to any database, and avoid the sed -i example on important source files unless you have a backup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file describes a SQL Server→达梦 database conversion engine, while the skill metadata claims the skill splits SQL files and generates dependency-aware merge scripts. This mismatch is dangerous because users, reviewers, or downstream agents may rely on the manifest to understand scope and permissions, but the embedded design indicates materially different behavior and could conceal functionality outside the declared purpose.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The architecture section presents a multi-step conversion pipeline as the intended workflow, directly contradicting the stated purpose of SQL splitting. In agent ecosystems, contradictory internal design docs can mislead security review, cause unsafe tool invocation assumptions, and hide undeclared processing of user SQL content.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file header describes a SQL Server-to-DM dialect converter, which materially differs from the advertised skill purpose of splitting SQL files, analyzing dependencies, and generating merge scripts. This kind of capability mismatch is dangerous because users or higher-level agents may invoke the skill under false assumptions, causing unintended code transformation, integrity loss, or unsafe workflow decisions based on mislabeled functionality.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The exposed public API and summary functions advertise broad database migration and syntax conversion features that exceed the declared scope of the skill. In an agent setting, this expands the effective attack surface and can lead to unauthorized or destructive transformations when orchestration logic trusts the published skill description instead of the actual code behavior.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation gives a `sed -i` command that edits the input SQL file in place without a clear warning that the original file will be modified. In a file-processing skill, this can cause accidental destructive changes to source SQL, especially if users assume the tool is non-destructive or are following copy-pasted remediation steps on important database scripts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal