KWDB Text-to-SQL
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a privileged KWDB instance, a mistaken or overbroad generated SQL statement could change or delete database data.
The skill can route generated SQL into a write-capable MCP tool, including destructive or schema-changing commands, with no separate guardrails for DROP, DELETE, or ALTER beyond a generic execution confirmation.
Write query: INSERT, UPDATE, DELETE, CREATE, DROP, ALTER → use `write-query`
Use a least-privilege or read-only MCP account when possible, review generated SQL carefully, and require a separate explicit confirmation for destructive write operations.
The agent may see database names, table names, and schemas that could reveal sensitive structure or business context.
The skill uses the MCP server's database authority to discover database and schema metadata. This is useful for SQL generation but relies on the privileges of the configured KWDB connection.
Execute `SHOW DATABASES` to list all databases ... Execute `SHOW TABLES FROM {database_name}` ... Execute `SHOW CREATE TABLE {database_name}.{table_name}`Connect it only to KWDB accounts and databases the agent is allowed to inspect, and avoid broad admin credentials for routine SQL generation.
Query results may include sensitive operational or business data that becomes visible in the chat context.
KWDB query results and metadata flow through an MCP server into the agent's response. This is purpose-aligned, but the artifacts do not define separate data-boundary or redaction rules.
`read-query` ... Returns ... `rows`: [{"col1": "val1", "col2": "val2"}]Limit queries to needed data, avoid selecting sensitive columns unless necessary, and configure the MCP server with appropriate access controls.