Prisma ORM Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a Prisma documentation skill whose database examples match its stated purpose, but users should be careful with its reset and delete commands: run against the wrong database, they erase data.

Installing it is reasonable for Prisma development guidance. Before running any copied command, confirm that the active database URL points to a disposable local, development, or isolated test database; do not run the reset, raw delete, or bulk delete examples against production or shared databases unless you have backups and explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
96% confidence
Finding
The skill includes `npx prisma migrate reset` as part of a migration workflow without an explicit warning that it drops and recreates the development database, destroying data. In an agent skill context, this is risky because an automated assistant or inattentive user may copy or invoke the command during troubleshooting, causing unintended data loss.

Missing User Warnings

Medium
93% confidence
Finding
The reference includes destructive migration/reset commands such as `prisma migrate reset` without any adjacent warning that they erase data. In a Prisma guidance skill, users may copy scripts directly into real project workflows, so the missing guardrails increase the chance of accidental data loss in a production or shared environment.

Missing User Warnings

Medium
95% confidence
Finding
The test setup demonstrates raw table deletion in `afterEach` using `$executeRawUnsafe` and assumes the database URL points to an isolated test database, but it does not enforce that assumption. If the environment is misconfigured, this cleanup logic deletes data from whatever database the URL points to, making the example operationally dangerous despite being framed as test code.

VirusTotal

67/67 vendors flagged this skill as clean.