Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Database Migration Manager

v1.0.1

Database migration manager. Detects ORM/migration tool in use, generates migrations, handles rollbacks, creates seed scripts, diffs schemas between environme...

by Samih Mansour @llcsamih
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md content directly implements a database migration manager (detects ORMs, generates migrations, runs/rolls back, backups). That purpose justifies reading project files and invoking DB CLIs. However, the package metadata declares no required binaries, env vars, or config paths while the runtime instructions say specific CLIs (prisma, drizzle-kit, knex, alembic, psql, mysql, sqlite3, Django manage.py) must be present and that .env/.env.local will be read. The omission in metadata is an inconsistency that should be corrected.
! Instruction Scope
The instructions explicitly tell the agent to scan the project, read migration history, and read project environment files (.env, .env.local) to obtain DB credentials. Those actions are within scope for a migration tool, but they involve reading secrets from project files. The doc claims destructive operations require explicit user confirmation and production actions create backups first, which mitigates risk if followed — but those are procedural guarantees in prose and rely on the agent enforcing them.
Install Mechanism
This is an instruction-only skill with no install spec or code files, which minimizes direct installation risk (no arbitrary archive downloads). It expects local CLIs to already be installed; the metadata should have declared those binaries but did not.
! Credentials
Metadata lists no required environment variables or config paths, yet the instructions state the skill will read .env and .env.local for database credentials and may connect to remote DBs if the project's configuration points to one. Asking the agent to access project env files without declaring that need is disproportionate and a privacy/security concern (these files often contain secrets).
Persistence & Privilege
The skill is not always-included and has no install-time persistence or system-wide configuration changes. Autonomous invocation is allowed but that is the platform default; there is no evidence the skill requests elevated or persistent privileges.
Scan Findings in Context
[NO_CODE_FILES_FOR_STATIC_SCAN] expected: The scanner had no code files to analyze because this is an instruction-only skill. That's expected for many tooling skills, but it means the SKILL.md is the entire security surface and should be reviewed closely.
What to consider before installing
This skill appears to do what it claims, but the package metadata omits key details. Before installing or invoking it:
1) Treat .env/.env.local as sensitive — confirm you are comfortable allowing the agent to read those files or run it in an isolated environment (dev container) where secrets are safe.
2) Ensure the required CLIs (prisma, drizzle-kit, knex, alembic, psql, mysql, sqlite3, Python/Django tooling) are installed locally; the skill's metadata should list them but doesn't.
3) Require and verify the skill prompts for explicit confirmation before any destructive or production operation and that backups are created and verified.
4) Prefer running migration commands yourself or reviewing generated commands/migration SQL before execution.
5) Ask the skill author/maintainer to update metadata to declare required binaries and to document exactly which files it reads and how it handles credentials; if you cannot verify those changes, treat the skill as higher risk.
