Middleware Query

Natural-language read-only querying for MySQL, Redis, and MongoDB with explicit connection configuration (host, port, username, password), guarded query plan...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (read-only NL queries for MySQL/Redis/Mongo) matches the included scripts and referenced config. The skill asks for database connection parameters (host/port/username/password) which are appropriate and necessary for the stated functionality. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md and the scripts stick to the declared scope (collect connection info, produce guarded read-only plans, execute using script-level executors). One privacy-related behavior to note: the optional LLM planner (when OPENAI_API_KEY is set) will send the user NL request (and default profile names) to OpenAI. The skill documents this fallback and how to disable it by not setting OPENAI_API_KEY. Also, the JSON schema allows additionalProperties, so a returned plan could include unexpected fields — the current execution flow does not use arbitrary extra fields, but it's worth knowing.
Install Mechanism
There is no remote install/download step. The skill is instruction/code-only and ships Python scripts. No external archives or URL downloads are used. Optional Python packages are documented (openai, jsonschema, pymongo, redis, pymysql), which is expected for DB clients and LLM integration.
Credentials
The skill sensibly uses database-specific environment variables (MYSQL_*, REDIS_*, MONGO_*) and optionally OPENAI_API_KEY for planner LLM access. The registry declared no required envs; that matches reality because envs are optional fallbacks or used only if you enable the LLM planner. Requesting DB credentials (via connections.json or envs) is proportionate to the task; ensure you only provide credentials you intend the skill to access.
Persistence & Privilege
always is false and the skill does not request elevated agent-wide privileges. It stores/reads a local connections.json and writes temporary plan JSON files; this is normal for a CLI-style skill. It does not modify other skills or global agent configuration.
Assessment
This skill appears to do what it says: translate NL into guarded, read-only DB queries and run them against explicit connection profiles. Before installing: 1) Keep your connections.json local and gitignored (the docs make this recommendation). 2) Review and control which DB credentials you give it — the tool needs host/port/user/password to connect. 3) If you don't want any queries or user text sent to OpenAI, do not set OPENAI_API_KEY (the planner will fall back to a local rule-based router). 4) Run the Python dependencies in an isolated environment and inspect connections.json and any saved plan files if you keep them. 5) Note masking is implemented for common sensitive field names, but confirm it covers any custom secret field names you care about.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk97ar0m0baj47b2kf9a3wm6jds830wh8


SKILL.md

Middleware Query Skill

Implement natural-language query workflows with strict safety controls.

1) Collect required inputs

Require all connection parameters explicitly for each datasource:

  • host
  • port
  • username
  • password
  • optional: database (MySQL/Mongo), db (Redis logical DB)

Store connection profiles in scripts/connections.json (or provide env vars) before execution.

Use scripts/connections.example.json as a template and keep real connections.json local-only (gitignored).

Prefer middleware-list config with env/alias entries, e.g. {"redis":[{"env":"local","alias":"main",...}]} and use profiles like redis.local or redis.main.

2) Enforce read-only safety

Always keep operations read-only:

  • SQL: SELECT, WITH, EXPLAIN SELECT only
  • Redis: GET, MGET, HGET, HGETALL, SMEMBERS, ZRANGE, SCAN, TTL, TYPE
  • Mongo: find, count_documents, aggregate with read-only stages

Reject write/dangerous operations.
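
An added example, not the skill's own planner_guard.py: a fail-closed guard that applies the allowlists above to a plan dict and also rejects fields the plan should not carry. The plan field names (datasource, profile, sql, command, args, op, collection, filter, pipeline) and the aggregation stage allowlist are assumptions, since the page does not show references/plan-schema.json.

```python
import re

# Allowlists copied from the SKILL.md text; the plan layout is an assumption.
SQL_PREFIX = re.compile(r"^\s*(SELECT|WITH|EXPLAIN\s+SELECT)\b", re.I)
# In MySQL, WITH can front a DELETE/UPDATE and SELECT can write via INTO OUTFILE,
# so a prefix check alone is not enough.
SQL_DENY = re.compile(
    r"\b(INSERT|UPDATE|DELETE|REPLACE|DROP|ALTER|CREATE|TRUNCATE|GRANT|CALL|"
    r"INTO\s+(?:OUTFILE|DUMPFILE))\b", re.I)
REDIS_OK = {"GET", "MGET", "HGET", "HGETALL", "SMEMBERS", "ZRANGE", "SCAN", "TTL", "TYPE"}
MONGO_OK = {"find", "count_documents", "aggregate"}
MONGO_STAGES_OK = {"$match", "$project", "$group", "$sort", "$limit", "$skip", "$count", "$unwind"}
KEYS = {
    "mysql": {"datasource", "profile", "sql"},
    "redis": {"datasource", "profile", "command", "args"},
    "mongo": {"datasource", "profile", "op", "collection", "filter", "pipeline"},
}

def check_plan(plan):
    """Return (ok, reason). Fails closed on anything not explicitly allowed."""
    ds = plan.get("datasource")
    if ds not in KEYS:
        return False, "unknown datasource"
    extra = set(plan) - KEYS[ds]
    if extra:  # stricter than a schema that allows additionalProperties
        return False, f"unexpected fields: {sorted(extra)}"
    if ds == "mysql":
        sql = str(plan.get("sql", "")).strip().rstrip(";")
        # Blank out quoted literals so keywords inside strings are not flagged.
        bare = re.sub(r"'(?:[^'\\]|\\.|'')*'|\"(?:[^\"\\]|\\.)*\"", "''", sql)
        if ";" in bare or "--" in bare or "/*" in bare or "#" in bare:
            return False, "stacked statement or comment"
        if not SQL_PREFIX.match(bare):
            return False, "statement is not SELECT/WITH/EXPLAIN SELECT"
        hit = SQL_DENY.search(bare)
        return (False, f"write keyword: {hit.group(1).upper()}") if hit else (True, "ok")
    if ds == "redis":
        cmd = str(plan.get("command", "")).upper()
        return (True, "ok") if cmd in REDIS_OK else (False, f"command not allowed: {cmd}")
    op = plan.get("op")
    if op not in MONGO_OK:
        return False, f"operation not allowed: {op}"
    for stage in plan.get("pipeline", []) if op == "aggregate" else []:
        bad = set(stage) - MONGO_STAGES_OK
        if bad:  # e.g. $out and $merge write to a collection
            return False, f"stage not allowed: {sorted(bad)}"
    return True, "ok"
```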

3) Prefer deterministic executors

Use scripts under scripts/:

  • nl_query.py (single command entry: NL -> plan -> guard -> execute)
  • planner_llm.py (LLM NL -> plan JSON with retry repair)
  • plan_schema.py + references/plan-schema.json (JSON Schema validation)
  • router_nl.py (rule-based fallback)
  • planner_guard.py (semantic guard)
  • execute_plan.py (validated plan execution)
  • query_sql.py
  • query_redis.py
  • query_mongo.py

Pass validated parameters; never execute free-form shell commands for database access.

4) Output format

Return:

  1. Datasource + profile used
  2. Executed query/operation (sanitized)
  3. Row/document/key count
  4. Tabular/JSON preview (truncated)
  5. Short interpretation in Chinese

5) Configuration sources

Priority order:

  1. Explicit CLI args
  2. Env vars (see references/config.md)
  3. scripts/connections.json

Fail with a clear error if any required field is missing.

6) Reference docs

Read when needed:

  • references/config.md: connection and env conventions
  • references/safety-policy.md: guardrails and denylist
  • references/examples.md: common command examples

Files

17 total