Skill v1.0.0

ClawScan security

SQL Query Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 4:08 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a self-contained, instruction-only SQL-lint/optimizer that asks for no credentials or installs and its inputs/outputs align with its stated purpose.
Guidance
This skill appears coherent and low-risk: it only provides static SQL suggestions and does not request credentials or install software. Before using it in automated workflows, keep in mind: (1) it does not connect to your database or run EXPLAIN by itself — paste actual EXPLAIN output if you want real execution-plan analysis; (2) suggestions are generic and may be incorrect or overly blunt (example shows LIMIT 100); (3) the implementation snippet has a missing applySuggestions function, so optimized output may be a placeholder. If you plan to integrate the skill with an agent that has database access, avoid supplying production DB credentials unless you trust the skill's source; consider asking the author for a homepage or repo to verify provenance.

Review Dimensions

Purpose & Capability
ok: Name and description match the actual content: static analysis and optimization suggestions for SQL. The skill requests no unrelated binaries, env vars, or installs.
Instruction Scope
note: SKILL.md and skill.yaml contain only static analysis guidance (patterns, suggestions). They do not request database connections, read files, or transmit data. Minor implementation inconsistency: the JavaScript snippet refers to applySuggestions (not defined) and the example output uses an arbitrary 'LIMIT 100' — a functional/accuracy issue but not a security red flag.
Install Mechanism
ok: No install spec or code to download; this is instruction-only, which minimizes disk/network risk.
Credentials
ok: The skill requires no environment variables, credentials, or config paths — proportional and minimal for its stated purpose.
Persistence & Privilege
ok: always:false and no sign of writing or modifying other skills or system-wide configs. Autonomous invocation is allowed (platform default) but not elevated.