SQL Toolkit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: sql-toolkit Version: 1.0.0 The skill bundle is benign. It provides comprehensive documentation and examples for interacting with SQL databases (SQLite, PostgreSQL, MySQL) using standard command-line tools. While the skill inherently involves powerful commands with file system and network access (e.g., `psql`, `mysql`, `sqlite3`, `pg_dump`, `mysqldump`), all examples and instructions in `SKILL.md` are aligned with the stated purpose of a 'SQL Toolkit' and demonstrate legitimate, common database operations. There is no evidence of prompt injection, data exfiltration, malicious execution, persistence, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against the wrong database or without reviewing the SQL, migrations and write queries could alter production or important data.
The skill documents running SQL files against a database, which is expected for a SQL toolkit but can apply schema or data changes to the selected database.
psql -h localhost -U myuser -d mydb -f migration.sql
Review SQL files before execution, confirm the target host/database, prefer transactions or backups for migrations, and require explicit user approval before destructive or production changes.
Database credentials or highly privileged accounts could expose or modify more data than intended if reused carelessly.
The connection examples involve database credentials and potentially privileged database users; this is purpose-aligned but sensitive.
psql "postgresql://user:pass@localhost:5432/mydb?sslmode=require" ... mysql -h localhost -u root -p mydb
Use least-privilege database users, avoid putting real passwords directly in shell commands or shared logs, and prefer prompts, protected environment variables, or password managers where appropriate.