Museum Data Manager
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs the wrong SQL, it could modify, delete, or expose museum database records.
The custom query command sends the agent-supplied SQL directly to MySQL with no read-only restriction, allowlist, or confirmation step.
result = run_sql(args.sql)
Make the default query mode read-only, require explicit user approval for write/delete/schema statements, and provide safer scoped commands for updates.
A crafted museum name, status, or location value could change the intended database query and potentially expose or alter data.
User-controlled CLI arguments are interpolated directly into SQL strings, creating SQL-injection risk if untrusted text is passed as a filter or lookup value.
where_clauses.append(f"location LIKE '%{args.location}%'")Use parameterized SQL or strict validation/escaping for all structured command arguments.
Using an over-privileged account could let accidental or malicious prompts cause permanent database changes.
The documentation recommends write/delete or full database privileges. Combined with unrestricted SQL execution, this grants the agent high-impact authority over the database.
Ensure your MySQL user has: SELECT, INSERT, UPDATE, DELETE on the database - Or full privileges: `GRANT ALL ON museumcheck.* TO 'user'@'%';`
Use a least-privilege MySQL account, preferably read-only unless a task explicitly requires writes, and avoid granting ALL privileges to this skill.
Other local users or monitoring tools might be able to see the database password while the command is running.
The MySQL password is passed to the mycli subprocess as a command-line argument, which can expose it locally through process inspection on some systems.
'-p', DB_CONFIG['password'],
Avoid passing passwords on the command line; use a secure MySQL client configuration file, prompt-based authentication, or another credential mechanism with appropriate file permissions.
The skill may fail or may use whichever mycli binary is found on the system PATH, so users need to trust that local executable.
The code depends on an external mycli executable, while the supplied registry requirements say no binaries are required.
paths = ['mycli', f'{home}/Library/Python/3.11/bin/mycli', f'{home}/.local/bin/mycli', '/usr/local/bin/mycli', '/usr/bin/mycli']Declare mycli as a required dependency and install or verify it from a trusted source before use.