Security audit

MySQL Administration

Security checks across malware telemetry and agentic risk

Overview

This MySQL admin skill is useful for its stated purpose, but its helper scripts and examples handle credentials and destructive database actions too unsafely for automatic approval.

Review and harden this skill before installing, especially before using it with production databases. Prefer MySQL option files or mysql_config_editor for credentials, remove eval-based command construction, add explicit confirmation for destructive restore/drop operations, and test any grant or SET GLOBAL guidance in a non-production environment first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (15)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The script constructs a shell command containing the plaintext MySQL password and then echoes that command as part of execution. Even though it attempts to scrub the password with sed, this pattern is unsafe because credentials are still placed on the command line and the redaction is brittle; passwords may leak via process listings, logs, shell history, or malformed redaction behavior.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The quickstart instructs users to export a plaintext MySQL root password in shell environment variables and to pass it on the command line with -p$MYSQL_PASSWORD. This can expose credentials through shell history, process listings, logs, or inherited environments, and the document does not warn users about those risks or recommend safer alternatives.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The cleanup section includes destructive commands that drop a database and recursively delete a backup directory without an explicit warning or confirmation step. Even though the targets are scoped to a test database and /tmp/mysql_backup, copy/paste mistakes, variable changes, or running in the wrong environment could cause data loss.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The restore examples show direct execution of database restore commands but do not prominently warn that the target database contents may be overwritten or corrupted if the wrong database or input file is selected. In an agent skill, this is especially risky because users may invoke restore operations quickly or against production systems, turning documentation into an unsafe operational playbook.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The user-management examples create accounts and grant privileges without a clear warning about the security consequences of privilege changes, including accidental overprivilege or exposure through broad host patterns like '%'. In a reusable skill, these snippets may be copied into production workflows, increasing the chance of insecure account creation and privilege escalation.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The document shows `SET GLOBAL` commands that change server-wide logging behavior without warning that they affect all sessions, may require elevated privileges, and can increase disk usage or performance overhead. In a reference guide, readers may copy-paste these commands into production systems, causing operational disruption or unexpected exposure of query activity.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The maintenance section includes `OPTIMIZE TABLE`, `CHECK TABLE`, and especially `REPAIR TABLE` with minimal safety guidance. These operations can lock tables, consume significant resources, behave differently by storage engine, and in some cases risk service interruption or misuse during incident response.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The InnoDB tuning examples use `SET GLOBAL` for core database parameters without warning about memory pressure, runtime instability, version-specific behavior, and restart requirements for some settings. Applying these blindly on a live server can degrade performance, fail unexpectedly, or disrupt database availability.

Missing User Warnings

Low

Confidence: 85% confidence
Finding: The `KILL <process_id>` example omits that terminating a query or connection can interrupt active user work, abort transactions, and leave operators with incomplete context about what is being stopped. In a troubleshooting reference, this encourages unsafe use of a disruptive administrative action.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The script constructs a shell command containing the database password in plaintext and executes it with eval, which exposes credentials via process listings, shell history/logging, and error traces. Because multiple command components are built from user-controlled arguments without safe escaping, this also increases the chance of command injection and makes the backup operation more dangerous than a normal mysqldump invocation.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The script uses eval on a command string built from untrusted inputs such as host, port, user, database, and query. This creates a direct command injection path: an attacker can supply shell metacharacters in arguments and cause arbitrary OS command execution in addition to the intended SQL execution.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script accepts the password as a command-line argument and stores it in a variable, which is commonly exposed to other local users through process inspection and may also be captured in shell history or orchestration logs. In a skill context, this is more dangerous because credentials may be supplied automatically by agents and then persisted in logs or telemetry without the operator noticing.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The script can drop and recreate the target database with no interactive confirmation, dry-run mode, or strong safety guard. If parameters are wrong or attacker-influenced, this can cause immediate destructive data loss in production environments.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: Passing the MySQL password on the command line exposes credentials to process listings, shell history, logs, and monitoring tools on many systems. This can allow local users or telemetry systems to capture database credentials and reuse them for unauthorized access.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The script constructs shell command strings from untrusted arguments and executes them with eval, enabling command injection through values like HOST, USER, DATABASE, PASSWORD, PORT, or INPUT. An attacker who can influence script arguments can execute arbitrary OS commands with the privileges of the script runner.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.