SQL Guard Copilot
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent SQL helper, but it includes an under-documented option that can turn off read-only protections and allow database writes.
Install only if you are comfortable giving it database access. Use a read-only database account, avoid `--allow-write` and `--no-lint` unless you deliberately approve the risk, keep credentials out of logs and shell history, and be aware that `ask` mode may send schema context to the configured LLM provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the write bypass is used, the agent or user could run SQL that changes or damages the connected database.
The implementation exposes escape hatches that can disable the advertised read-only guard and lint checks. Because database writes can modify or delete important records, this needs clearer user approval and containment than the provided artifacts show.
`p_query.add_argument("--allow-write", action="store_true", help="Disable read-only guard (not recommended).")`
...
`p_query.add_argument("--no-lint", action="store_true", help="Skip lint checks.")`
Use a dedicated read-only database account by default. If write support is kept, document it clearly, require explicit user confirmation, and add transaction/rollback or dry-run safeguards.
The skill can access whatever the supplied database account can read or write, depending on that account's privileges.
The skill expects database credentials and optionally an OpenAI API key. This is purpose-aligned, but those credentials grant account access and should be scoped carefully.
Set `SQL_DSN` first ... `mysql://user:password@127.0.0.1:3306/stock_monitor` ... Set `OPENAI_API_KEY` (or pass `--api-key`) to use `ask`.
Use a least-privilege, read-only database user for normal use and avoid placing real passwords in shared shell history, logs, or screenshots.
Database schema details and the user's natural-language question may be sent to OpenAI or another configured provider.
Natural-language mode uses an external or configurable LLM provider and sends a schema prompt to the model. This is expected for the feature, but it may disclose table and column names or business context.
`p_ask.add_argument("--base-url", default=os.getenv("OPENAI_BASE_URL", "https://api.openai.com"), help="LLM API base URL.")`
...
`p_ask.add_argument("--show-prompt", action="store_true", help="Print schema prompt sent to model.")`
Use only approved LLM endpoints for sensitive databases, review the prompt with `--show-prompt` when needed, and avoid using `ask` on confidential schemas unless policy allows it.
