neo4j-cypher-query-analyze

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate Neo4j graph-query helper, but it will use database credentials to run Cypher queries and cache schema details, so it should be installed with limited database access.

Install only if you are comfortable letting the agent query the configured graph database. Use a dedicated read-only account, inspect generated Cypher before running it, avoid production/admin credentials, and clear cached schema information if it contains sensitive structure or becomes outdated.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A generated query can read from, and potentially modify, the configured database if the supplied account has write permissions.

Why it was flagged

The skill instructs the agent to submit generated Cypher queries to the graph database over HTTP using curl.

Skill content

curl -s -X POST ... -u "${GRAPHDB_USER}:${GRAPHDB_PASSWORD}" ... "statement": "${CYPHER_QUERY}"
Recommendation

Use a dedicated read-only or least-privilege database account, review generated Cypher before execution, and require explicit approval for any CREATE, DELETE, SET, REMOVE, MERGE, DROP, or LOAD query.

What this means

The agent’s database access will be as broad as the provided Neo4j or graph database credentials allow.

Why it was flagged

The skill requires database connection details and credentials to perform its intended queries.

Skill content

requires: env: ["GRAPHDB_URI", "GRAPHDB_USER", "GRAPHDB_PASSWORD", "GRAPHDB_DATABASE"]
Recommendation

Do not provide admin credentials; create a scoped account limited to the intended database and preferably restricted to read-only access.

What this means

Internal labels, relationship types, and property names may persist for future use and could become stale or be reused in later tasks.

Why it was flagged

The skill stores schema metadata in memory for later query generation.

Skill content

Use the `memory` tool to cache schema information ... cache key: graphdb_schema_{database_name} ... ttl_hours: 24
Recommendation

Avoid caching sensitive sample values, clear or refresh the schema cache when needed, and keep cache scope tied to the intended database.