index-optimization

Pass
Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: index-optimization
Version: 1.0.0

The skill bundle provides powerful capabilities for database index optimization, including repository-wide code scanning via ripgrep and the execution of DDL commands (CREATE/DROP INDEX) on MySQL, PostgreSQL, and MongoDB. A significant security concern is found in SKILL.md, which sets 'No-confirm' (免确认模式) as the default execution mode, allowing the agent to modify or delete database indexes without explicit user approval. While these actions are consistent with the tool's purpose, the default absence of a human-in-the-loop check for destructive database operations and the broad shell execution surface in scripts/collect_table_queries.py pose a high operational risk.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could change database indexes during normal use, potentially causing locks, write overhead, or query regressions.

Why it was flagged

The default workflow permits high-impact database index creation or deletion without explicit user approval.

Skill content
Not specified: `免确认模式` (no-confirm mode; the default: no need to wait for user confirmation, indexes can be created/dropped directly) ... `免确认模式` (no-confirm mode): no need to wait for user confirmation, proceed directly to the next execution step
Recommendation

Make confirmation required by default, require explicit approval of the target database and exact DDL, and keep no-confirm execution as an explicit opt-in.

What this means

If pointed at a shared or production database, iterative index changes could affect application performance or availability beyond the immediate task.

Why it was flagged

The environment is only a preference, not a hard guard, while the workflow can iteratively apply database index changes.

Skill content
explain execution environment (prefer dev/sit) ... apply the index change and run explain ... repeat until the target index is hit or the limit of 3 redesigns is reached
Recommendation

Require an explicit non-production target by default; for production, require a maintenance-window confirmation, rollback plan, and separate approval for each DDL change.

What this means

A user may reasonably expect approval prompts while the main workflow authorizes automatic index changes.

Why it was flagged

The interface prompt implies confirmation in both modes, but the main skill instructions make no-confirm execution the default.

Skill content
agents/openai.yaml: "In both modes ... get user confirmation" vs SKILL.md: "`免确认模式` (no-confirm mode; the default: no need to wait for user confirmation, indexes can be created/dropped directly)"
Recommendation

Align the agent prompt and SKILL.md so the default approval behavior is unambiguous and conservative.

What this means

The agent may use whatever database credentials are available in the environment, including credentials with production or broad schema-changing rights.

Why it was flagged

The workflow needs database access and likely DDL privileges, but the registry metadata does not declare what credentials or permission scope are required.

Skill content
metadata: "Primary credential: none" / "Required env vars: none"; SKILL.md: "SHOW INDEX" / "getIndexes()" and "执行创建/删除索引" (execute create/drop index)
Recommendation

Declare required database credentials and scopes, prefer read-only access for discovery/explain, and require a separate least-privilege DDL credential only after approval.

What this means

The skill may fail or behave differently on systems without the undeclared local dependency.

Why it was flagged

The helper script depends on ripgrep, while the registry requirements list no required binaries.

Skill content
print("ERROR: `rg` is required but not found in PATH.", file=sys.stderr)
Recommendation

Declare required binaries such as python3 and ripgrep in metadata, or document a fallback path clearly.