Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Database Manager

Database management skill supporting PostgreSQL, MySQL, SQLite, and MongoDB. Query, migrate, backup, and manage databases.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 80 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The declared purpose (manage PostgreSQL, MySQL, SQLite, MongoDB) matches the instructions' intent, but the skill provides no code or install mechanism to perform any database operations. An actual DB management skill would either ship executable code, declare required binaries, or provide an install spec — none are present.
! Instruction Scope
SKILL.md instructs the agent to run 'python3 scripts/db.py' with various commands and shows environment variables like DB_PASS and DB_URI. However, there is no scripts/db.py in the bundle and the instructions ask for credentials via environment variables that are not declared in metadata. This is scope-incoherent: the runtime instructions require reading/using secrets and files that are not provided or justified by the package contents.
Install Mechanism
The skill is instruction-only with no install spec. That is low-risk from an installation perspective, but also explains why no code is present — either the packaging is incomplete or the instructions expect existing local tooling.
! Credentials
The documentation shows use of sensitive environment variables (DB_PASS, DB_URI, DB_USER) but the registry metadata lists no required env vars or primary credential. That mismatch is a red flag: the skill will need database credentials to function, but it does not declare or justify them in its metadata, so a user might be asked to provide secrets without a clear provenance for how they'll be used or stored.
Persistence & Privilege
The skill does not request permanent presence (always is false) and allows normal autonomous invocation by the agent (default). There is no evidence it attempts to modify other skills or request elevated platform privileges.
What to consider before installing
This package appears incomplete or inconsistently packaged — the README expects a 'scripts/db.py' and DB credentials but no code or install steps are included. Do not provide production database credentials or run unknown database commands until you verify the code and source. Recommended steps before installing or using:

  • Ask the publisher for the source repository or the missing scripts and an install procedure.
  • Review the actual scripts (scripts/db.py and any helpers) for what they'll do with credentials, where backups are written, and whether they transmit data externally.
  • If you must test, use an isolated environment and a least-privilege test database/account (read-only when possible) and avoid giving access to production data.
  • Prefer skills that declare required env vars in metadata and include an install spec or signed source; treat mismatches (instructions asking for secrets while metadata lists none) as a warning sign.

If the publisher responds with source code, repeat the review focusing on: where backups are stored/transmitted, SQL migration safety, credential handling, and any network calls to unexpected endpoints.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latest: vk975n6y4cckm1gy2tsej9yyva583hxnb


SKILL.md

Database Manager

Manage databases with support for multiple database systems.

When to Use

  • User wants to query a database
  • Create backups and migrations
  • Manage database schemas
  • Import/export data

Supported Databases

  • PostgreSQL
  • MySQL / MariaDB
  • SQLite
  • MongoDB

Configuration

# PostgreSQL
export DB_TYPE="postgresql"
export DB_HOST="localhost"
export DB_PORT="5432"
export DB_NAME="mydb"
export DB_USER="postgres"
export DB_PASS="password"

# MongoDB
export DB_TYPE="mongodb"
export DB_URI="mongodb://localhost:27017/mydb"

Usage

Execute query

python3 scripts/db.py query "SELECT * FROM users LIMIT 10"

Execute from file

python3 scripts/db.py query --file ./query.sql

Create backup

python3 scripts/db.py backup --output ./backup.sql

Restore backup

python3 scripts/db.py restore --input ./backup.sql

Run migration

python3 scripts/db.py migrate --dir ./migrations/

Export to CSV

python3 scripts/db.py export \
  --table users \
  --format csv \
  --output ./users.csv

Import from CSV

python3 scripts/db.py import \
  --table users \
  --input ./users.csv

Output

{
  "success": true,
  "rows_affected": 10,
  "rows": [
    {"id": 1, "name": "Alice"},
    {"id": 2, "name": "Bob"}
  ]
}

Files

1 total