index-optimization
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This database index-tuning skill is coherent, but it defaults to making create/drop index changes without user confirmation and without clear environment or credential boundaries.
Install only if you are comfortable with an agent helping modify database indexes. Before use, switch to confirmation-required mode, point it at a non-production database unless production is explicitly intended, review every DDL statement and its rollback SQL before it runs, and make sure only least-privilege database credentials are reachable from the agent's environment.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change database indexes during normal use, potentially causing locks, write overhead, or query regressions.
The default workflow permits high-impact database index creation or deletion without explicit user approval.
SKILL.md (translated from the Chinese): "If not specified: `no-confirm mode` (the default; does not wait for user confirmation and may directly execute index creation/deletion) ... `no-confirm mode`: does not wait for user confirmation, proceeds directly to the next execution step"
Make confirmation required by default, require explicit approval of the target database and exact DDL, and keep no-confirm execution as an explicit opt-in.
If pointed at a shared or production database, iterative index changes could affect application performance or availability beyond the immediate task.
The target environment is only a stated preference (dev/sit), not an enforced guard, while the workflow applies index changes iteratively.
SKILL.md (translated from the Chinese): "explain execution environment (prefer dev/sit) ... apply the index change and run explain ... repeat until the target index is hit or the cap of 3 redesigns is reached"
Require an explicit non-production target by default; for production, require a maintenance-window confirmation, rollback plan, and separate approval for each DDL change.
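The controls recommended for the two findings above (confirmation on by default with no-confirm as an explicit opt-in, an explicit non-production target by default, a rollback statement for every DDL, and a per-statement approval inside the skill's own three-round redesign loop) are shown together in the following added example. It is not code from the audited skill; the function and type names, the NON_PROD set, the ChangeRefused exception and the sample DDL are this example's own assumptions.

```python
"""Confirmation-gated, environment-guarded index change planner.

Added example, not code from the audited skill: it implements the controls
the findings recommend; type and function names, the NON_PROD set and the
sample DDL are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

NON_PROD = {"dev", "sit"}   # environments the skill text prefers (assumed list)
MAX_REDESIGNS = 3           # the redesign cap quoted from SKILL.md

CREATE_RE = re.compile(
    r"^\s*CREATE\s+(?:UNIQUE\s+)?INDEX\s+(?P<name>[\w`]+)\s+ON\s+(?P<table>[\w`.]+)",
    re.IGNORECASE,
)
DROP_RE = re.compile(
    r"^\s*DROP\s+INDEX\s+(?P<name>[\w`]+)\s+ON\s+(?P<table>[\w`.]+)",
    re.IGNORECASE,
)


class ChangeRefused(Exception):
    """Raised whenever the planner will not proceed without more input."""


def rollback_for(ddl: str, original_def: Optional[str] = None) -> str:
    """Return the SQL that undoes `ddl`.

    A CREATE INDEX rolls back to a DROP INDEX.  A DROP INDEX can only be
    undone with the original definition, which the caller must capture
    (e.g. from SHOW CREATE TABLE) before the drop runs; refuse rather than guess.
    """
    m = CREATE_RE.match(ddl)
    if m:
        return f"DROP INDEX {m['name']} ON {m['table']}"
    m = DROP_RE.match(ddl)
    if m:
        if not original_def:
            raise ChangeRefused("DROP INDEX needs the original index definition for rollback")
        return original_def
    raise ChangeRefused(f"not a CREATE/DROP INDEX statement, refusing to plan: {ddl!r}")


@dataclass
class IndexChangePlan:
    environment: str
    ddl: str
    rollback: str
    approved: bool = False


def plan_change(
    ddl: str,
    environment: str,
    approve: Callable[[str, str, str], bool],
    *,
    no_confirm: bool = False,
    maintenance_window: bool = False,
    original_def: Optional[str] = None,
) -> IndexChangePlan:
    """Build an approved plan for exactly one DDL statement, or refuse.

    `approve(environment, ddl, rollback)` is the user's per-statement decision.
    It is consulted for every statement unless no-confirm was explicitly
    requested, and no-confirm is never honoured outside NON_PROD.
    """
    env = environment.lower()
    rollback = rollback_for(ddl, original_def)   # reject unsupported DDL first
    if env not in NON_PROD:
        if not maintenance_window:
            raise ChangeRefused(
                f"{environment!r} is not a non-production target; "
                "confirm a maintenance window before any index change"
            )
        if no_confirm:
            raise ChangeRefused("no-confirm mode is not allowed against production")
    plan = IndexChangePlan(env, ddl, rollback)
    if no_confirm:
        plan.approved = True          # explicit opt-in, non-production only
        return plan
    if not approve(env, ddl, rollback):
        raise ChangeRefused(f"user declined: {ddl!r}")
    plan.approved = True
    return plan


def tune(
    candidates: List[str],
    environment: str,
    approve: Callable[[str, str, str], bool],
    explain_hits_target: Callable[[IndexChangePlan], bool],
    **options,
) -> Tuple[List[IndexChangePlan], bool]:
    """Apply candidate DDLs one at a time, each separately approved, until the
    EXPLAIN check reports the target index is used or MAX_REDESIGNS is reached.
    Returns (plans applied, whether the target index was hit)."""
    applied: List[IndexChangePlan] = []
    for ddl in candidates[:MAX_REDESIGNS]:
        plan = plan_change(ddl, environment, approve, **options)
        applied.append(plan)          # the caller executes plan.ddl at this point
        if explain_hits_target(plan):
            return applied, True
    return applied, False
```

In a real agent the approve callable is the chat prompt that shows the target environment, the exact DDL and the rollback SQL, and explain_hits_target runs EXPLAIN against the tuned query; the planner refuses any DDL it cannot derive a rollback for, so a DROP INDEX has to be accompanied by the captured original definition.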
A user may reasonably expect approval prompts while the main workflow authorizes automatic index changes.
The interface prompt implies confirmation in both modes, but the main skill instructions make no-confirm execution the default.
agents/openai.yaml: "In both modes ... get user confirmation" vs SKILL.md (translated from the Chinese): "no-confirm mode (the default; does not wait for user confirmation and may directly execute index creation/deletion)"
Align the agent prompt and SKILL.md so the default approval behavior is unambiguous and conservative.
The agent may use whatever database credentials are available in the environment, including credentials with production or broad schema-changing rights.
The workflow needs database access and likely DDL privileges, but the registry metadata does not declare what credentials or permission scope are required.
metadata: "Primary credential: none" / "Required env vars: none"; SKILL.md: "SHOW INDEX" / "getIndexes()" and "execute index creation/deletion" (translated from the Chinese)
Declare required database credentials and scopes, prefer read-only access for discovery/explain, and require a separate least-privilege DDL credential only after approval.
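One way to enforce the credential split recommended above is to check, before the agent connects, that the credential it was handed carries no more than its role needs. The following is an added example, not part of the audited skill. It assumes two roles: "discovery" (SHOW INDEX and EXPLAIN, which need SELECT on the target schema) and "ddl" (CREATE/DROP INDEX, which MySQL grants through the INDEX privilege). It parses MySQL SHOW GRANTS output; the function names, the ALLOWED table and the sample grant lines are constructed for this example.

```python
"""Least-privilege check for the credentials handed to an index-tuning agent.

Added example, not code from the audited skill.  Parses MySQL SHOW GRANTS
lines and reports anything beyond what the assumed role needs: extra
privileges, global (*.*) scope, grants on other schemas, ALL PRIVILEGES,
and WITH GRANT OPTION.  Role names and the sample lines are constructed.
"""
import re
from typing import Dict, FrozenSet, List

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<user>.+?)(?P<opts>\s+WITH\s+.*)?$",
    re.IGNORECASE,
)

# Privileges each assumed role may hold.  USAGE is MySQL's "no privileges" marker
# and always appears on *.*, so it is allowed everywhere.
ALLOWED: Dict[str, FrozenSet[str]] = {
    "discovery": frozenset({"USAGE", "SELECT"}),   # SHOW INDEX, EXPLAIN
    "ddl": frozenset({"USAGE", "INDEX"}),          # CREATE INDEX / DROP INDEX
}


def _schema_of(scope: str) -> str:
    """'*.*' -> '*', '`shop`.*' -> 'shop', '`shop`.`orders`' -> 'shop'."""
    return scope.split(".", 1)[0].strip("`")


def check_grants(show_grants: List[str], role: str, schema: str) -> List[str]:
    """Return a list of violations; an empty list means the credential fits the role."""
    allowed = ALLOWED[role]
    violations: List[str] = []
    for raw in show_grants:
        line = raw.strip().rstrip(";")
        if not line:
            continue
        m = GRANT_RE.match(line)
        if not m:
            violations.append(f"unparsed grant line: {line!r}")
            continue
        # Column-level grants such as "SELECT (id)" stay as-is and are flagged as extra.
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        target = _schema_of(m["scope"])
        if privs & {"ALL", "ALL PRIVILEGES"}:
            violations.append(f"ALL PRIVILEGES on {m['scope']} is never least-privilege")
        else:
            extra = privs - allowed
            if extra:
                violations.append(
                    f"{m['scope']}: {sorted(extra)} beyond what role {role!r} needs"
                )
            if target == "*" and privs != {"USAGE"}:
                violations.append(
                    f"global scope *.* carries {sorted(privs)}; scope it to `{schema}`.*"
                )
            elif target not in ("*", schema):
                violations.append(
                    f"grant on schema {target!r} is outside the target schema {schema!r}"
                )
        if m["opts"]:
            violations.append(f"{m['scope']}: WITH GRANT OPTION lets the credential widen itself")
    return violations
```

The discovery credential is the one the agent should hold during SHOW INDEX and EXPLAIN; the DDL credential should only be loaded after a specific statement has been approved, and this check should run on both before either is used.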
The skill may fail or behave differently on systems without the undeclared local dependency.
The helper script depends on ripgrep, while the registry requirements list no required binaries.
helper script: print("ERROR: `rg` is required but not found in PATH.", file=sys.stderr)
Declare required binaries such as python3 and ripgrep in metadata, or document a fallback path clearly.
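The helper aborts when `rg` is absent. The following added example shows the alternative the finding asks for: detect the binary, use it when present, and otherwise fall back to a pure-Python search that returns the same (relative path, line number, text) records. It is not the skill's own helper script; the function names and the constructed sample tree are this example's assumptions, and the fallback only approximates rg's defaults by skipping dot-files and dot-directories (it does not honour .gitignore).

```python
"""Dependency detection with a documented fallback for a ripgrep-based helper.

Added example, not the audited skill's helper.  rg is used when it is on PATH;
otherwise a pure-Python walk produces the same (relative path, line, text)
tuples.  Sample files are constructed in a temporary directory.
"""
import os
import re
import shutil
import subprocess
import tempfile
from typing import List, Optional, Tuple

Match = Tuple[str, int, str]


def rg_available() -> bool:
    return shutil.which("rg") is not None


def _search_with_rg(pattern: str, root: str) -> List[Match]:
    # -H -n --no-heading give one "path:line:text" record per match.
    proc = subprocess.run(
        ["rg", "--with-filename", "--line-number", "--no-heading", "--color=never",
         "-e", pattern, root],
        capture_output=True, text=True,
    )
    if proc.returncode not in (0, 1):          # exit 1 only means "no matches"
        raise RuntimeError(f"rg failed: {proc.stderr.strip()}")
    out: List[Match] = []
    for record in proc.stdout.splitlines():
        path, lineno, text = record.split(":", 2)
        out.append((os.path.relpath(path, root), int(lineno), text.rstrip("\r\n")))
    return out


def _search_pure_python(pattern: str, root: str) -> List[Match]:
    regex = re.compile(pattern)
    out: List[Match] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if not d.startswith("."))
        for name in sorted(filenames):
            if name.startswith("."):           # approximate rg's hidden-file default
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if regex.search(line):
                        out.append((os.path.relpath(path, root), lineno, line.rstrip("\r\n")))
    return out


def find_matches(pattern: str, root: str, use_rg: Optional[bool] = None) -> List[Match]:
    """Search `root` for `pattern`; use_rg=None means 'rg if installed, else fallback'."""
    if use_rg is None:
        use_rg = rg_available()
    if use_rg:
        return sorted(_search_with_rg(pattern, root))
    return sorted(_search_pure_python(pattern, root))


def make_sample_tree() -> str:
    """Create a constructed sample directory (two visible files, one hidden) and return it."""
    root = tempfile.mkdtemp(prefix="idx-skill-")
    os.makedirs(os.path.join(root, "notes"))
    with open(os.path.join(root, "notes", "a.txt"), "w", encoding="utf-8") as fh:
        fh.write("alpha\nbeta idx_a\n")
    with open(os.path.join(root, "b.sql"), "w", encoding="utf-8") as fh:
        fh.write("CREATE INDEX idx_b ON t (c)\n")
    with open(os.path.join(root, ".hidden"), "w", encoding="utf-8") as fh:
        fh.write("idx_hidden\n")
    return root


if __name__ == "__main__":
    sample = make_sample_tree()
    print("rg available:", rg_available())
    for hit in find_matches("idx_", sample):
        print(hit)
```

Whichever branch runs, the metadata should still declare ripgrep as an optional binary so the difference in behaviour (rg honours ignore files, the fallback does not) is visible to the installer rather than discovered at runtime.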
