Database Manager
Review
Audited by ClawScan on May 10, 2026.
Overview
This database skill is purpose-aligned but broad: it asks for database credentials, can change or export data, and references a helper script that is not included for review.
Before installing or using this skill, verify the missing scripts/db.py code, run it only from a trusted path, and use least-privilege database credentials. Treat restore, migration, import, export, and arbitrary query actions as high-impact operations that should require explicit user approval and ideally be tested on a staging database first.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used against the wrong database or with overly privileged credentials, the agent could make lasting database changes or expose data through export/backup workflows.
These documented operations can overwrite data, change schemas, or bulk-import records, and the artifact does not specify approval, dry-run, rollback, or environment scoping before such actions.
python3 scripts/db.py restore --input ./backup.sql; python3 scripts/db.py migrate --dir ./migrations/; python3 scripts/db.py import --table users --input ./users.csv
Require explicit user confirmation for restore, migrate, import, export, and non-read-only queries; use read-only credentials by default; test in staging; and back up before any write operation.
The command may fail or may run an unreviewed local scripts/db.py while database credentials are configured, creating path-confusion and provenance risk.
The reviewed artifact set contains only SKILL.md and no scripts/db.py helper, so following this relative command would depend on code that was not supplied or reviewed and could resolve to an unintended local file.
python3 scripts/db.py query "SELECT * FROM users LIMIT 10"
Ship the referenced helper code in the skill, declare the Python/runtime requirements, use a skill-owned absolute path, and avoid executing relative helper scripts unless the user has reviewed them.
Database credentials may grant access to sensitive or production data if configured with broad privileges.
The skill expects database credentials or connection URIs, which is normal for this purpose, but the registry metadata declares no required environment variables or primary credential.
export DB_USER="postgres"; export DB_PASS="password"; export DB_URI="mongodb://localhost:27017/mydb"
Use least-privilege database users, prefer read-only accounts for query/export tasks, separate admin credentials for migrations, and avoid production credentials unless the action is explicitly intended.
