SQL Toolkit
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against the wrong database or without reviewing the SQL, migrations and write queries could alter production or important data.
The skill documents running SQL files against a database, which is expected for a SQL toolkit but can apply schema or data changes to the selected database.
psql -h localhost -U myuser -d mydb -f migration.sql
Review SQL files before execution, confirm the target host/database, prefer transactions or backups for migrations, and require explicit user approval before destructive or production changes.
Database credentials or highly privileged accounts could expose or modify more data than intended if reused carelessly.
The connection examples involve database credentials and potentially privileged database users; this is purpose-aligned but sensitive.
psql "postgresql://user:pass@localhost:5432/mydb?sslmode=require" ... mysql -h localhost -u root -p mydb
Use least-privilege database users, avoid putting real passwords directly in shell commands or shared logs, and prefer prompts, protected environment variables, or password managers where appropriate.