Skill v1.0.1

ClawScan security

lin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 25, 2026, 2:29 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly does what it says (parse URL params and save to MySQL) but is incoherent in places: it doesn't declare required DB credentials/dependencies and contains unsafe SQL construction that could be abused or cause data exfiltration.
Guidance
This script will connect to a MySQL server and create/modify a table using column names derived directly from URL query parameter names. Before installing or running it, consider the following:

- Credential and dependency disclosure: The skill metadata does not declare required env vars or the mysql-connector dependency. Expect to provide DB_HOST, DB_USER, DB_PASSWORD, DB_NAME and to install the mysql-connector package and Python runtime.
- Principle of least privilege: Do not run this with root or highly privileged DB accounts. Create a dedicated DB user with minimal INSERT/CREATE privileges limited to a dedicated database.
- SQL identifier injection risk: Column names are interpolated directly into CREATE TABLE and INSERT statements without quoting or validation. Malicious or malformed parameter names could break SQL or be exploited. Only allow safe column names (e.g., validate against /^[A-Za-z0-9_]+$/) and/or quote identifiers properly.
- Data sensitivity & exfiltration: The script will transmit any URL parameters to the configured DB. Ensure you trust the DB host (keep it local or in a trusted network) and avoid sending sensitive tokens/passwords. Treat this as a data exfiltration surface if the DB is remote.
- Suggested code fixes:
  a) Require and document env vars in SKILL.md/metadata.
  b) Validate/sanitize column names to a safe whitelist and quote identifiers with backticks after validation.
  c) Avoid hardcoded default credentials; fail if no credentials are provided.
  d) Add explicit instructions about installing dependencies (pip install mysql-connector-python).
  e) Limit column size and handle name collisions.

If you cannot review and lock down the DB and the script before use, treat this skill as risky and do not enable it on agents that can access sensitive URLs or run autonomously.

Review Dimensions

Purpose & Capability
concern: The name/description (save URL params to MySQL) matches the code's behavior, but the skill metadata declares no required environment variables or dependencies even though the script expects DB connection settings (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) and the mysql.connector Python package. This mismatch is unexplained and reduces transparency.
Instruction Scope
concern: SKILL.md instructs only to run the script with a URL and mentions MySQL, which is consistent, but it omits key runtime details (Python runtime, mysql-connector package, expected env vars). The script will connect to an arbitrary MySQL host and write data there — this behavior can be a vector for unintended data exfiltration if a remote DB is configured, and the docs do not warn about sensitive data handling.
Install Mechanism
ok: No install spec — the skill is instruction-only with an included Python script. This minimizes install-time risk, but runtime dependencies (python package mysql.connector) are not declared.
Credentials
concern: The code relies on environment variables for DB credentials but the skill metadata lists none. Default credentials (DB_USER=root, DB_PASSWORD=root, DB_HOST=localhost, DB_NAME=test_db) are embedded in the script, which is unsafe. The skill requests (implicitly) high-privilege DB access without documenting or justifying it.
Persistence & Privilege
ok: always is false and the skill does not request persistent platform privileges or modify other skills/config. It only performs a one-off database write when invoked.