Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose is to audit and actually execute SQL against StarRocks/Doris. Executing SQL requires database credentials — which the code uses — so that part is coherent. However the SKILL.md lists DB_HOST/DB_PORT/DB_USER/DB_PASSWORD/DB_NAME as .env keys while the runtime (index.js / python) prefers a single DB_DSN environment variable or an explicit db_dsn input. The registry metadata also declared no required env vars, which is inconsistent with the code and README.
Instruction Scope
The instructions and implementation perform real SQL execution (expected) but also read configuration from a parent .env file (index.js loads ../.env) which can expose unrelated secrets to the skill. The skill may call an external LLM (Gemini) for fallback candidate generation using GEMINI_API_* envs. The code will execute arbitrary SQL provided to it (or from candidates), so callers must ensure those queries are safe and that the DB credentials have minimal privileges.
Install Mechanism
No install spec is provided (lower install risk), but the package includes two code files (index.js and sql_audit.py) and has runtime Python dependencies (pymysql, httpx) that are not documented in a package install step. The absence of declared dependency installation means runtime failures or implicit dependency pulls are possible.
Credentials
The skill requires database credentials and optionally Gemini API keys/tokens to function, but the registry metadata declared no required env vars. Worse, index.js loads ../.env (project root) into process.env, potentially exposing unrelated secrets stored there to the skill and to the spawned Python process. The discrepancy between documented .env keys and actual code (DB_HOST vs DB_DSN) is confusing and risky.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. It runs as an invoked skill (normal privilege). There is no evidence it persists beyond its execution footprint.
What to consider before installing
This skill will actually run SQL against whatever database credentials you provide and may call an external LLM (Gemini) if configured. Before installing or running it:
- Don't supply high-privilege DB credentials. Create and use a dedicated, read-only DB user limited to the minimal schemas/tables needed.
- Verify how you will provide credentials: the code expects DB_DSN or an explicit db_dsn input, but SKILL.md lists DB_HOST/DB_USER/etc — fix this mismatch and test in a safe environment.
- Be aware index.js loads ../.env (the parent .env). That can leak other project secrets into the skill; store DB/GEMINI credentials in a separate, minimal .env for the skill or avoid using a project-wide .env.
- The skill may make outbound HTTP calls (Gemini) using GEMINI_API_URL/GEMINI_API_KEY/GEMINI_TOKEN. Only provide tokens that are scoped and revocable.
- Review the included sql_audit.py code (especially the parts that build and send LLM requests and error handling) before use. Run the skill in an isolated environment or staging DB first.
- If you cannot review the code or control the DB credentials and network egress, do not install or run this skill.
I rated this 'suspicious' (not 'malicious') because many behaviors are reasonable for an SQL execution/audit tool, but the undocumented env usage, .env loading from the project root, and mismatch between docs and runtime make it unclear and potentially dangerous without careful configuration and review.index.js:137
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97bzz02k3x8szvxd996mnmw6h83231p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🐬 Clawdis