Graph DB Toolkit
Pass. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent Neo4j graph-database utility, but it can run powerful database queries and should be used only with intended, least-privileged credentials.
Install only if you intend to work with Neo4j/Cypher. Connect it to the intended database using least-privileged credentials, review any generated Cypher before running it, and do not use destructive helpers such as delete_all or DETACH DELETE without confirmation and backups.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overly broad query could modify or erase graph data in the connected Neo4j database.
The client intentionally exposes arbitrary Cypher execution and an all-node delete helper. That is coherent for a Neo4j toolkit, but it can be high impact if used against production or the wrong database.
def query(self, cypher: str, parameters: Optional[Dict] = None) -> List[Dict]:
    ...
    session.run(cypher, parameters or {})
    ...

def delete_all(self):
    ...
    session.run("MATCH (n) DETACH DELETE n")

Use the toolkit only for user-requested database actions, require explicit confirmation for destructive queries, keep backups, and prefer least-privileged or read-only accounts when possible.
The agent can read or change whatever the provided Neo4j account is allowed to access.
The skill uses Neo4j account credentials to connect to a database. This is expected for Neo4j operations, but users should recognize that all actions run with the supplied account's permissions.
self.driver = GraphDatabase.driver(uri, auth=(user, password))
Avoid hard-coded/default passwords, use credentials scoped to the intended database, and prefer read-only credentials for analysis-only tasks.
Installing later dependency versions could change behavior or inherit supply-chain risk from the package ecosystem.
The dependency file uses lower-bound version ranges without pinned versions or hashes. This is common for Python utilities, but it allows future dependency changes at install time.
neo4j>=5.15.0
networkx>=3.2.0
numpy>=1.24.0
Install from trusted indexes and consider pinning exact versions or using a lockfile for production environments.
