Security checks across malware telemetry and agentic risk
This skill is meant to execute database queries, but it does not enforce its advertised SQL safety blocks and has broad credential and external-service handling that users should review carefully.
Install only in a controlled environment with read-only, least-privilege database credentials and approved network access. Treat query results and fallback prompts as potentially sensitive, disable or review Gemini fallback before production use, and patch or verify SQL safety checks before allowing live database execution.
## 依赖(通过 `.env` 配置) | 服务 | .env 配置键 | |------|-------------| | StarRocks/Doris | `DB_HOST` / `DB_PORT`(默认 9030)/ `DB_USER` / `DB_PASSWORD` / `DB_NAME` | | Gemini(兜底候选生成) | `GEMINI_API_URL` / `GEMINI_API_KEY` / `GEMINI_TOKEN` |
const path = require('path');
const fs = require('fs');
// 加载 skills/.env
(function loadDotEnv() {
const envFile = path.join(__dirname, '..', '.env');
if (!fs.existsSync(envFile)) return;// 加载 skills/.env
(function loadDotEnv() {
const envFile = path.join(__dirname, '..', '.env');
if (!fs.existsSync(envFile)) return;
for (const line of fs.readFileSync(envFile, 'utf8').split('\n')) {
const m = line.match(/^\s*([A-Z_][A-Z0-9_]*)\s*=\s*(.+?)\s*$/);function execPython(script, stdinData, skillDir) {
return new Promise((resolve, reject) => {
const proc = spawn(PYTHON_BIN, ['-c', script, skillDir], {
env: { ...process.env },
});
let stdout = '';65/65 vendors flagged this skill as clean.