PostgreSQL Database
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: postgres-db
Version: 1.0.0
The skill is classified as suspicious due to several critical vulnerabilities. The `scripts/query.py` file directly executes arbitrary SQL queries provided as command-line arguments, creating a significant SQL injection risk if an AI agent constructs these queries from untrusted user input. Additionally, `scripts/backup.py` executes external `pg_dump` and `pg_restore` commands with arguments derived from user input, which could lead to argument injection or unintended file operations. The `scripts/schema_export.py` script also presents a file write vulnerability by allowing the output path to be specified arbitrarily, potentially overwriting sensitive files. While these are not explicitly malicious actions, they are severe flaws that could be exploited for unauthorized database access, data manipulation, or system compromise.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with powerful database credentials, the skill could change or delete production data with the authority of that account.
The query helper executes a caller-provided SQL string and commits non-result statements, enabling write/delete operations without built-in confirmation, allowlisting, or read-only defaults.
cur.execute(query) ... conn.commit()
Use least-privilege or read-only database users by default, require explicit user confirmation for INSERT/UPDATE/DELETE/DDL, and add dry-run or transaction rollback guidance for risky changes.
A restore against the wrong database could remove existing tables or objects and cause broad data loss or service disruption.
The restore path always includes pg_restore --clean, which drops existing database objects during restore, with no confirmation or environment containment shown.
'--clean', # Drop existing objects
Require explicit confirmation before restore, warn clearly about --clean, default to non-destructive restore where possible, and restrict use to verified backup files and target databases.
The skill’s database actions will run with whatever privileges the configured PostgreSQL account has.
The script uses PostgreSQL credentials from the environment and defaults to the high-privilege postgres user if PGUSER is not set.
user=os.environ.get('PGUSER', 'postgres'), password=os.environ.get('PGPASSWORD', '')
Configure a dedicated least-privilege PostgreSQL user and avoid using superuser credentials unless the specific task requires them.
Users may need to install dependencies manually, and dependency versions/provenance are not controlled by the skill package.
The skill documents required local tools and Python libraries, but the registry requirements and install spec do not declare or pin them.
- PostgreSQL client tools (psql, pg_dump)
- Python 3.7+
- psycopg2 or asyncpg library
Declare required binaries, environment variables, and pinned Python dependencies in installation metadata or provide clear, trusted setup instructions.
