KWDB Install

Pass

Audited by ClawScan on May 13, 2026.

Overview

This looks like a straightforward KaiwuDB deployment helper, but it uses privileged installer commands, so you should run it only with a trusted package on intended servers.

Before installing, make sure you are on the intended Linux server, use an official KaiwuDB package, verify its integrity, review every configuration value, and understand that sudo, SSH, Docker, and systemctl actions can persistently change the machine or cluster.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved on the wrong host or with the wrong configuration, the agent could change system state, start services, or affect cluster nodes.

Why it was flagged

The skill documents commands that create protected directories, extract an installer, run deployment scripts, and optionally enable a boot-time service. This is purpose-aligned for installing a database, but it is high-impact system tooling.

Skill content

sudo mkdir -p /opt/kaiwudb ... tar -xzf "$INSTALL_PACKAGE_PATH" -C /opt/kaiwudb ... ./deploy.sh install --single ... systemctl enable kaiwudb

Recommendation

Run it only on intended KaiwuDB servers, review the generated deploy.cfg, and confirm each privileged command before execution.

What this means

A misconfigured or unintended run could affect not only the local machine but also reachable cluster nodes.

Why it was flagged

The deployment requires administrative host permissions and may rely on passwordless SSH and Docker group membership, all of which are powerful privileges.

Skill content

SSH passwordless login is configured between the current node and other nodes in the cluster. The installation user is the `root` user or a regular user with `sudo` privileges. ... add the user to the `docker` group

Recommendation

Use only authorized admin accounts, limit passwordless SSH to intended hosts, and remove or restrict elevated access after deployment if it is no longer needed.

What this means

A tampered or unofficial package with a matching filename could be installed if the user supplies it.

Why it was flagged

The install flow depends on an external local tar.gz package and validates only existence and filename format, not authenticity or integrity.

Skill content

The installation package path must be explicitly provided by the user and must not be guessed ... if [[ "$(basename $INSTALL_PACKAGE_PATH)" != KaiwuDB*.tar.gz ]]; then

Recommendation

Obtain KaiwuDB packages from an official trusted source and verify checksums or signatures before running the deployment script.