MySQL Administration
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: mysqladm
Version: 0.1.0

The skill bundle contains several shell scripts (`mysql_query.sh`, `mysql_backup.sh`, and `mysql_restore.sh`) that use the `eval` command to execute shell strings constructed directly from input arguments. This pattern creates a significant shell injection vulnerability, potentially allowing an attacker (or a manipulated AI agent) to achieve Remote Code Execution (RCE) on the host system. While the bundle's functionality aligns with its stated purpose of MySQL administration, the lack of input sanitization in these core scripts represents a high-risk security flaw.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious query value could run commands on the user’s machine with the agent/user’s privileges.
The script accepts a caller-provided query and then executes a shell command through eval. Because eval reinterprets shell metacharacters, crafted query text or connection values could become local shell commands rather than just MySQL input.
```sh
--query)
QUERY="$2"
...
echo "$MYSQL_CMD" -e "$QUERY" | sed 's/p'"$PASSWORD"'//' | eval $MYSQL_CMD -e "$QUERY"
```

Do not use the bundled query script until eval is removed. Invoke mysql with a safely quoted argument array, pass the query as a single argument, and validate connection parameters.
A crafted database name, password, or output path could execute local commands or write to unintended locations during a backup.
The backup script concatenates host, user, password, database, and output path into a shell command string and runs it with eval. Untrusted or malformed values can break out of the intended mysqldump command.
```sh
MYSQLDUMP_CMD="mysqldump -h $HOST -P $PORT -u $USER -p$PASSWORD $DATABASE"
...
MYSQLDUMP_CMD="$MYSQLDUMP_CMD > $OUTPUT"
...
eval $MYSQLDUMP_CMD
```
Replace eval with direct command execution and normal shell redirection, quote every variable, restrict output paths where appropriate, and handle compression without constructing shell strings.
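The hardened shape recommended for both the query script and the backup script above, written here as an added example rather than code from the mysqladm bundle. It assumes `MYSQL_BIN`, `MYSQLDUMP_BIN` and `BACKUP_DIR` as caller-settable names (so the functions can be exercised without a live server), reads the password from a 0600 option file via `--defaults-extra-file` instead of `-p$PASSWORD`, and passes the query as one argv element so the shell never re-parses it.

```sh
#!/bin/sh
# Hardened replacements for the eval-based query and backup paths.
# MYSQL_BIN / MYSQLDUMP_BIN / BACKUP_DIR are assumptions of this example.
MYSQL_BIN="${MYSQL_BIN:-mysql}"
MYSQLDUMP_BIN="${MYSQLDUMP_BIN:-mysqldump}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"

# Connection values must be plain tokens; anything else is rejected up front.
valid_token() { printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._-]+$'; }
valid_port()  { printf '%s' "$1" | grep -Eq '^[0-9]{1,5}$'; }

# Password goes into a 0600 option file, never into argv or `ps` output.
# (A password containing quotes would need MySQL option-file escaping.)
write_pw_file() {
    f=$(mktemp) || return 1
    chmod 600 "$f"
    printf '[client]\npassword=%s\n' "$1" > "$f"
    printf '%s' "$f"
}

# run_query HOST PORT USER PASSWORD QUERY
# The query is a single argument to mysql; metacharacters stay literal.
run_query() {
    valid_token "$1" && valid_port "$2" && valid_token "$3" || return 2
    pw=$(write_pw_file "$4") || return 1
    "$MYSQL_BIN" --defaults-extra-file="$pw" -h "$1" -P "$2" -u "$3" -e "$5"
    rc=$?
    rm -f "$pw"
    return "$rc"
}

# backup_db HOST PORT USER PASSWORD DATABASE OUTPUT
# Output must sit under BACKUP_DIR and contain no ".."; the redirection is a
# real shell redirection, not text embedded in a command string.
backup_db() {
    valid_token "$1" && valid_port "$2" && valid_token "$3" && valid_token "$5" || return 2
    case "$6" in "$BACKUP_DIR"/*) ;; *) return 3 ;; esac
    case "$6" in *..*) return 3 ;; esac
    pw=$(write_pw_file "$4") || return 1
    "$MYSQLDUMP_BIN" --defaults-extra-file="$pw" -h "$1" -P "$2" -u "$3" "$5" > "$6"
    rc=$?
    rm -f "$pw"
    return "$rc"
}
```

Return code 2 signals a rejected connection value and 3 a rejected output path, so a wrapper can distinguish validation failures from mysql/mysqldump errors.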
If used against a production or privileged database, mistakes can change data, schemas, permissions, or availability.
The skill explicitly covers broad database administration actions, including schema mutation, restore, and permission changes. This is aligned with the stated purpose, but it is high-impact authority.
Use when: (1) executing queries and displaying results, (2) managing schemas (create/alter tables, indexes), (3) database backup/restore, (4) performance analysis ... (5) user and permission management.
Use least-privilege database accounts, confirm the target host/database before any write operation, and require explicit approval for CREATE, ALTER, DROP, GRANT, RESTORE, and similar actions.
Using root or broad database credentials increases the blast radius of mistakes, and command-line passwords may be exposed through shell history or process listings.
The setup examples use database credentials, including a root-style account, and pass the password on the command line. Credentials are expected for MySQL administration, but this is sensitive handling.
```sh
export MYSQL_USER="root"
export MYSQL_PASSWORD="password"
...
mysql -h $MYSQL_HOST -P $MYSQL_PORT -u $MYSQL_USER -p$MYSQL_PASSWORD
```
Prefer a dedicated least-privilege MySQL user, avoid embedding passwords directly in command lines, and use safer credential mechanisms such as MySQL option files or interactive prompts where possible.
Platform checks may not warn users that the skill relies on MySQL CLI tools, database credentials, and runnable shell scripts.
The registry-level metadata under-declares the runtime dependencies and code presence compared with the skill’s documented MySQL CLI usage and bundled scripts. This appears to be a packaging/metadata gap rather than hidden behavior.
Required binaries (all must exist): none
Required binaries (at least one): none
Required env vars: none
Install specifications: No install spec — this is an instruction-only skill.
Code file presence: 3 code file(s):
Align the registry metadata with the actual requirements, install options, credential expectations, and script capabilities so users and tooling can make accurate decisions.
