Data Twingler Skill for SQL, SPARQL, and GraphQL
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for querying live SQL, SPARQL, and GraphQL data services, but users should notice that it can make external, authenticated, and cached query calls.
Install this skill if you want an agent to query OpenLink and other live SQL/SPARQL/GraphQL-style data services. Before use, review the endpoint and query being sent, avoid including secrets or private data unless you trust the destination and cache behavior, and confirm any authenticated MCP/OpenLink account has appropriate least-privilege access.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use this skill for generic how-to or definition questions even when the user did not intend to query a live data source.
The skill gives broad invocation triggers and prioritizes its templates over general model knowledge, which could route ordinary questions into this data-query workflow.
Use this skill whenever ... asks "How to ...", "Define the term ..." ... Always load `references/query-templates.md` ... before falling back to general LLM knowledge.
Use or allow the skill mainly for explicit database, SPARQL, GraphQL, knowledge-graph, or OpenLink data-space tasks; consider requiring confirmation for generic questions.
Queries and endpoint URLs may be sent to live public or third-party services, and poorly scoped queries could be expensive, malformed, or hit unintended endpoints.
The skill authorizes raw external query execution and user-specified endpoints. This is core to the stated purpose, but it is a broad execution surface.
Direct native endpoint calls with `curl` ... SPARQL-FED ... User explicitly names a SPARQL endpoint URL in the prompt.
Review the endpoint and query text before execution, prefer read-only SELECT-style queries unless mutation is explicitly intended, and keep row/time limits in place.
If an authenticated OpenLink/MCP client is configured, queries may run with that account's permissions.
Some routes may rely on an already-configured authenticated client or account. That is expected for the integration, but account scope matters.
Treat MCP as requiring authentication unless the client is already configured.
Use least-privilege credentials, confirm which account is configured, and avoid running the skill against private endpoints unless you trust the service and account scope.
Sensitive query text or results could persist temporarily if the host implements the requested cache.
The skill instructs caching for one hour, so query context or results may be reused during that TTL.
Cache TTL | 3600 seconds ... Leverage caching (TTL 3600s) and parallel execution.
Avoid submitting secrets or sensitive private data unless you understand the cache behavior; clear or disable caching for sensitive sessions if possible.
Prompt and query content may transit external MCP or agent-routing services when those routes are selected.
The skill can route work through MCP/agent-style endpoints, making identity, authentication, and data-boundary configuration relevant.
MCP via streamable HTTP or SSE ... `https://linkeddata.uriburner.com/chat/mcp/messages` ... `https://linkeddata.uriburner.com/chat/mcp/sse`.
Use trusted MCP/OPAL endpoints only, verify authentication settings, and avoid sending sensitive data through these routes unless appropriate.