ClickHouse
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or premature SQL command could change schemas, remove columns, trigger expensive merges, or affect production database behavior.
The skill documents schema migration and optimization commands that can modify or remove database data. This is expected for ClickHouse administration, but the impact can be significant.
ALTER TABLE events DROP COLUMN old_field; ... OPTIMIZE TABLE events FINAL;
Review and explicitly approve any INSERT, ALTER, DROP, KILL, OPTIMIZE, TTL, or migration command before letting the agent run it against a real database.
If real credentials are pasted into prompts, shell commands, URLs, or saved queries, they may be retained in logs, histories, or local memory.
The documentation includes examples using ClickHouse passwords and cloud access keys. These are normal for authenticated database and S3 access, but credentials in command lines or SQL can be exposed through history or logs.
curl 'http://localhost:8123/?user=default&password=xxx' ... s3('https://bucket.s3.amazonaws.com/data/*.parquet', 'AWS_KEY', 'AWS_SECRET', 'Parquet')Use secure credential handling where possible, avoid placing secrets directly in prompts or URLs, and prefer scoped/temporary credentials for database and S3 access.
Connection profiles, schema notes, and query patterns may persist across future sessions and influence later recommendations.
The skill intentionally stores persistent local context about the user's ClickHouse environment. This is useful for optimization help but may include sensitive infrastructure and schema details.
Save to ~/clickhouse/memory.md: - Host, port, database - Auth method (if any) - Whether it's a cluster
Do not store passwords or secrets in ~/clickhouse/memory.md, review the file periodically, and delete it if you do not want the agent to retain ClickHouse context.