SQL Toolkit

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only SQL helper, but using it can run database commands that read or change real data, so users should confirm the target database and credentials.

This skill appears purpose-aligned and instruction-only. Before installing or using it, make sure any database commands are run only against the intended database, review migrations and write queries first, back up important data, and use least-privilege database credentials.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation

Medium

What this means

If used against the wrong database or without reviewing the SQL, migrations and write queries could alter production or important data.

Why it was flagged

The skill documents running SQL files against a database, which is expected for a SQL toolkit but can apply schema or data changes to the selected database.

Skill content

psql -h localhost -U myuser -d mydb -f migration.sql

Recommendation

Review SQL files before execution, confirm the target host/database, prefer transactions or backups for migrations, and require explicit user approval before destructive or production changes.

ASI03: Identity and Privilege Abuse

Medium

What this means

Database credentials or highly privileged accounts could expose or modify more data than intended if reused carelessly.

Why it was flagged

The connection examples involve database credentials and potentially privileged database users; this is purpose-aligned but sensitive.

Skill content

psql "postgresql://user:pass@localhost:5432/mydb?sslmode=require" ... mysql -h localhost -u root -p mydb

Recommendation

Use least-privilege database users, avoid putting real passwords directly in shell commands or shared logs, and prefer prompts, protected environment variables, or password managers where appropriate.