odps-sql
Review
Audited by ClawScan on May 18, 2026.
Overview
This looks like a real ODPS query helper, but it deserves review because it can run unrestricted SQL with Alibaba Cloud credentials and uses loosely scoped credential and HTTP endpoint handling.
Install only if you are comfortable giving this skill ODPS access. Use a least-privilege/read-only Alibaba Cloud RAM key, verify the exact environment variable names, prefer an HTTPS MaxCompute endpoint, run it from a controlled directory, and review any SQL before it executes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user supplies unsafe SQL, the configured ODPS account could run costly full scans or modify/delete data if its permissions allow it.
The helper sends the provided SQL string directly to ODPS. It does not restrict the statement to read-only queries, require confirmation for DDL/DML, or enforce the documented partition/LIMIT safeguards before execution.
group.add_argument("--query", metavar="SQL", help="执行 SQL 查询") ... with odps.execute_sql(sql).open_reader() as reader:
Use a least-privilege read-only RAM account where possible, enforce SELECT/SHOW/DESCRIBE-only behavior for exploration, add server-side LIMIT and partition checks, and require explicit confirmation for any DDL/DML or large-scan query.
The tool could unintentionally use Alibaba Cloud credentials, project settings, or endpoint settings from an unrelated project directory, leading to queries against the wrong account or data environment.
The credential/config loader reads the current working directory `.env` before the skill-local `.env` and imports all key-value pairs into the process environment. This makes the credential source broader than the setup instructions imply.
candidates = [os.path.join(os.getcwd(), ".env"), os.path.join(os.path.dirname(__file__), "..", ".env")] ... os.environ[key] = value
Load only an explicit skill-local config file or require explicit environment variables, document the exact variable names used by the code, and validate the selected project and endpoint before running queries.
SQL text, query results, request metadata, and signed credentialed requests may be exposed to network interception unless the user overrides the default with a trusted HTTPS endpoint.
The default credentialed provider endpoint uses HTTP rather than HTTPS. The template also lists HTTP MaxCompute endpoints.
endpoint = os.environ.get("ALIYUN_ODPS_ENDPOINT", "http://service.cn-beijing.maxcompute.aliyun.com/api")
Default to HTTPS MaxCompute endpoints, document the required trusted endpoint format, and reject or warn on plain HTTP endpoints unless the user explicitly accepts that risk.
The installed package version may vary over time, which can affect behavior or supply-chain assurance.
Installing `pyodps` is expected for this ODPS helper, but the setup uses an unpinned package install and there is no install spec or lockfile in the provided artifacts.
pip install pyodps
Install from a trusted Python environment and consider pinning a reviewed `pyodps` version.
