Db Explorer
Pass. Audited by ClawScan on May 12, 2026.
Overview
This looks like a legitimate database exploration guide, but it needs database credentials and can run or export queries, so use least-privilege access and review commands.
Use this skill only when you intend the agent to access a database. Provide least-privilege, preferably read-only credentials; review queries before execution; avoid broad SELECT * exports unless needed; and be especially careful on production systems.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If broad or production credentials are provided, the agent may be able to read or modify sensitive database contents within that account's permissions.
The skill explicitly asks for database credentials or connection strings. That is purpose-aligned for a DB explorer, but the supplied credentials define the agent's authority over potentially sensitive data.
Ask the user for:
- Database type (postgres/mysql/sqlite/mongo/redis)
- Connection string OR host/port/database/user/password
Use a dedicated least-privilege account, preferably read-only for exploration, and avoid sharing admin or production credentials unless absolutely necessary.
A poorly scoped query or export could expose large amounts of data, and some diagnostic commands can be expensive on production databases.
The skill can invoke database command-line tools for reads, exports, and confirmed writes. The read-only and confirmation rules are good safeguards, but broad examples like full-table exports and Redis KEYS * should be scoped carefully.
**Read-only by default** — Never run INSERT/UPDATE/DELETE/DROP without explicit user confirmation
...
psql "$CONN" -c "\copy (SELECT * FROM table_name) TO '/tmp/export.csv' WITH CSV HEADER"
...
redis-cli -h host -p 6379 -a password KEYS "*"
Review every command before execution, keep LIMITs in place, prefer Redis SCAN over KEYS on production systems, and require explicit confirmation for any write or full export.
Installing database clients from untrusted sources or using outdated clients could introduce local supply-chain or compatibility risks.
The skill depends on external database CLI tools installed outside the skill package. These are standard tools and purpose-aligned, but their provenance and versions are not controlled by the skill artifacts.
| PostgreSQL | psql | brew install postgresql | apt install postgresql-client |
| MySQL | mysql | brew install mysql | apt install mysql-client |
| MongoDB | mongosh | brew install mongosh | See mongodb.com/docs/shell |
| Redis | redis-cli | brew install redis | apt install redis-tools |
Install CLI tools only from trusted package managers or official vendor instructions, and keep them updated.
