Skill v0.1.1
ClawScan security
Kansodata Databricks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 9, 2026, 2:44 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This instruction-only skill is internally consistent with a read-only Databricks SQL helper: it contains scoped runtime instructions, asks for reasonable inputs, and has no installs or extra credential requests that don't match its purpose.
- Guidance: This skill appears coherent and low-risk as an instruction-only, read-only Databricks helper. Before installing: confirm your agent runtime actually provides the referenced databricks_sql_readonly tool and that it will supply authentication (the skill itself doesn't ask for credentials); ensure the platform's Databricks connector is configured with least-privilege, read-only access and auditing enabled; and test the skill in a non-production environment to verify the stated multi-statement/mutation protections and any catalog/schema allowlists behave as documented.
Review Dimensions
- Purpose & Capability (ok): Name/description (read-only Databricks SQL and planning) match the SKILL.md: it enumerates supported statement shapes, read-only policy, and required inputs (workspace URL, warehouse id, catalog/schema, target tables). Nothing requested (binaries, env vars, or installs) appears extraneous to a read-only SQL helper.
- Instruction Scope (ok): SKILL.md limits runtime actions to a specific runtime tool (databricks_sql_readonly), enforces read-only and single-statement constraints, and instructs planning output for unsupported requests. It does not instruct reading unrelated files, environment variables, or transmitting data to external endpoints.
- Install Mechanism (ok): No install spec and no code files. This is instruction-only, which minimizes on-disk risk. The skill assumes a runtime tool (databricks_sql_readonly) is available from the platform rather than installing anything itself.
- Credentials (note): The skill declares the logical inputs it needs (workspace URL, environment, SQL warehouse id, catalog/schema, target tables) and requests no environment variables or credentials. This is proportionate for a description-level skill, but in practice executing Databricks SQL requires authentication; the skill relies on the platform's connector/tool to provide credentials. Verify that the platform plugin supplies least-privilege credentials rather than the skill asking for broad secrets.
- Persistence & Privilege (ok): always:false and default autonomous invocation are appropriate. The skill does not request persistent system modifications or global config changes.
