Db Explorer

Advisory. Audited by static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes. The notes below describe capabilities the skill is expected to have by design, not detected vulnerabilities.

What this means

If highly privileged credentials are used, the agent could view or act on sensitive database contents within that account's permissions.

Why it was flagged

The skill expects the user to provide database credentials or connection strings, which can grant access to sensitive production or business data.

Skill content
Ask the user for:
- Database type (postgres/mysql/sqlite/mongo/redis)
- Connection string OR host/port/database/user/password
Recommendation

Use read-only or least-privilege database accounts, avoid production credentials unless necessary, supply passwords through a credential file such as ~/.pgpass or an environment variable rather than pasting them into chat, and rotate any credentials that do end up in chat or shell history.
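One concrete way to provision the least-privilege account this recommendation asks for, as an added example that is not part of the skill or of ClawScan's output: a shell function that emits the PostgreSQL statements for a SELECT-only role. The database name appdb, the role name agent_ro and the public schema are assumed values; the output is meant to be run once by a DBA, not by the agent.

```shell
#!/bin/sh
# Added example: emit the SQL for a read-only PostgreSQL role an agent can use
# for exploration. Run the output once as a privileged DBA user, e.g.
#   readonly_role_sql appdb agent_ro | psql "$ADMIN_CONN" -v ON_ERROR_STOP=1
# then set the password interactively in psql with  \password agent_ro  so it
# never lands in shell history or in the chat transcript.
# appdb, agent_ro and public are assumed names, not values from the skill.

# Accept only plain SQL identifiers before interpolating them into SQL text.
validate_ident() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]{0,62}$'
}

# Design:
#  - SELECT-only grants are the hard boundary: INSERT/UPDATE/DELETE/DROP fail
#    with "permission denied" no matter what the agent sends.
#  - default_transaction_read_only = on is a belt on top of that: an accidental
#    write fails with "cannot execute ... in a read-only transaction". A session
#    can switch it back off, so it is a safety net, not the boundary.
#  - ALTER DEFAULT PRIVILEGES extends SELECT to tables created later by the user
#    who runs this script (it applies only to objects that user creates).
#  - statement_timeout stops a runaway SELECT * on a huge table; CONNECTION
#    LIMIT caps how many agent sessions can be open at once.
readonly_role_sql() {
    db="$1"; role="$2"; schema="${3:-public}"
    for ident in "$db" "$role" "$schema"; do
        validate_ident "$ident" || { echo "invalid identifier: $ident" >&2; return 1; }
    done
    cat <<EOF
CREATE ROLE "$role" LOGIN CONNECTION LIMIT 2;
ALTER ROLE "$role" SET default_transaction_read_only = on;
ALTER ROLE "$role" SET statement_timeout = '30s';
GRANT CONNECT ON DATABASE "$db" TO "$role";
GRANT USAGE ON SCHEMA "$schema" TO "$role";
GRANT SELECT ON ALL TABLES IN SCHEMA "$schema" TO "$role";
ALTER DEFAULT PRIVILEGES IN SCHEMA "$schema" GRANT SELECT ON TABLES TO "$role";
EOF
}
```

The agent then connects as agent_ro; anything beyond reading fails at the server regardless of what the model decides to run. If a task genuinely needs writes, give the agent a second role scoped to the specific tables involved rather than reusing an application or admin account.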

What this means

A write or destructive command that is approved by mistake could modify or delete data, up to whatever the connected account is allowed to change.

Why it was flagged

The skill contemplates database write/destructive operations, but it also instructs the agent to require explicit confirmation and show the exact command first.

Skill content
Never run INSERT/UPDATE/DELETE/DROP without explicit user confirmation
Recommendation

Review every write command before approving it, run it inside an explicit transaction so its effect can be inspected and rolled back before COMMIT, and use a read-only account for exploration tasks.
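The confirmation rule quoted above, implemented as an added example (not the skill's own code): a fail-closed lexical gate that decides whether a statement needs confirmation, a rolled-back preview that shows exactly which rows a write would touch, and a wrapper that shows the exact statement and demands a literal "yes" before committing. CONN is assumed to hold a libpq connection string; the statements in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: confirmation gate for SQL an agent proposes to run, with a
# rolled-back preview of writes. Not the skill's own code. CONN is assumed to
# hold a libpq connection string such as postgresql://agent_ro@db.example/appdb.
#
# The classification is lexical and fails closed: anything that is not a single
# SELECT / EXPLAIN / SHOW needs confirmation. It is a usability gate, not a
# security boundary (a SELECT can still call functions with side effects), so
# pair it with a read-only database role.

# Returns 0 (true) when the statement may change data or schema.
needs_confirmation() {
    sql=$(printf '%s\n' "$1" \
        | tr '\n' ' ' \
        | tr -s '[:space:]' ' ' \
        | tr '[:lower:]' '[:upper:]' \
        | sed -e 's/^ *//' -e 's/ *;* *$//')
    case "$sql" in
        *\;*)                    return 0 ;;  # "SELECT 1; DROP TABLE t": several statements
        *" INTO "*)              return 0 ;;  # SELECT ... INTO creates a table
        "EXPLAIN"*ANALYZE*)      return 0 ;;  # EXPLAIN ANALYZE really executes the plan
        "SELECT "*|"EXPLAIN "*|"SHOW "*) return 1 ;;  # read-only forms
        *)                       return 0 ;;  # INSERT/UPDATE/DELETE/DROP/..., CTEs, comments
    esac
}

# Wrap a statement so it runs, shows its effect, and then rolls back.
# INSERT/UPDATE/DELETE get RETURNING * so the affected rows appear in the
# output; DDL such as DROP is transactional in PostgreSQL and simply rolls back.
dry_run_sql() {
    stmt=$(printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*;*[[:space:]]*$//')
    upper=$(printf '%s' "$stmt" | tr '[:lower:]' '[:upper:]')
    case "$upper" in
        *RETURNING*)             printf 'BEGIN;\n%s;\nROLLBACK;\n' "$stmt" ;;
        INSERT*|UPDATE*|DELETE*) printf 'BEGIN;\n%s RETURNING *;\nROLLBACK;\n' "$stmt" ;;
        *)                       printf 'BEGIN;\n%s;\nROLLBACK;\n' "$stmt" ;;
    esac
}

# Read-only statements run directly. Anything else is printed verbatim, previewed
# inside a rolled-back transaction, and only committed after the user types "yes".
run_with_confirmation() {
    stmt="$1"
    if ! needs_confirmation "$stmt"; then
        psql "$CONN" -v ON_ERROR_STOP=1 -c "$stmt"
        return
    fi
    printf 'WRITE OPERATION. Exact statement:\n  %s\nPreview (rolled back):\n' "$stmt"
    dry_run_sql "$stmt" | psql "$CONN" -v ON_ERROR_STOP=1 -q
    printf 'Type yes to commit this statement: '
    read -r answer
    [ "$answer" = "yes" ] || { echo "not confirmed; nothing changed" >&2; return 1; }
    psql "$CONN" -v ON_ERROR_STOP=1 --single-transaction -c "$stmt"
}
```

Usage: CONN=postgresql://... then run_with_confirmation "DELETE FROM sessions WHERE expires_at < now()". The preview prints the rows the DELETE would remove and then rolls back, so the user confirms against what will actually happen rather than against the statement text alone.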

What this means

Exported files may contain private or regulated data and could remain on disk after the task.

Why it was flagged

The skill includes export examples that can write database contents to local files. This is purpose-aligned, but exported database data may be sensitive.

Skill content
psql "$CONN" -c "\copy (SELECT * FROM table_name) TO '/tmp/export.csv' WITH CSV HEADER"
Recommendation

Confirm the table, columns, row limit, and destination path before exporting; write to a directory only the current user can read rather than a shared path such as /tmp; and delete or protect exported files when finished.
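An export helper that enforces those checks, as an added example rather than the skill's own command: it validates the table and column names before they are interpolated into the \copy meta-command, requires an explicit column list and row limit, and writes into a freshly created 0700 directory instead of a fixed path under /tmp. CONN is assumed to be a libpq connection string; the users/id/email names in the comments are constructed.

```shell
#!/bin/sh
# Added example: export with an explicit column list, a row cap and a private
# destination directory. Not the skill's own code. CONN is assumed to be a
# libpq connection string; table and column names below are constructed.

umask 077   # files created by this script are readable by their owner only

# Accept only plain SQL identifiers before interpolating them into SQL text.
validate_ident() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]{0,62}$'
}

# mktemp -d creates the directory with mode 0700, unlike a fixed file under
# the shared, world-readable /tmp where any local user could read the CSV.
make_export_dir() {
    mktemp -d "${TMPDIR:-/tmp}/dbexport.XXXXXX"
}

# Build the \copy meta-command from validated parts. Identifiers are checked
# before interpolation so a table name pasted from chat cannot alter the
# command; columns are named explicitly (no SELECT *) and LIMIT caps the rows.
build_copy_cmd() {
    table="$1"; columns=$(printf '%s' "$2" | tr -d ' '); limit="$3"; dest="$4"
    validate_ident "$table" || { echo "bad table name: $table" >&2; return 1; }
    case "$limit" in ''|*[!0-9]*) echo "limit must be a non-negative integer" >&2; return 1 ;; esac
    case "$dest" in ''|*"'"*) echo "bad destination path" >&2; return 1 ;; esac
    quoted_cols=""
    oldifs=$IFS; IFS=,
    for c in $columns; do
        if ! validate_ident "$c"; then IFS=$oldifs; echo "bad column: $c" >&2; return 1; fi
        quoted_cols="${quoted_cols:+$quoted_cols, }\"$c\""
    done
    IFS=$oldifs
    [ -n "$quoted_cols" ] || { echo "no columns given" >&2; return 1; }
    printf '\\copy (SELECT %s FROM "%s" LIMIT %s) TO '"'"'%s'"'"' WITH CSV HEADER' \
        "$quoted_cols" "$table" "$limit" "$dest"
}

# Run the export into a fresh private directory and print the file path.
# Remove the directory (rm -rf "$dir") as soon as the task no longer needs it.
export_table() {
    table="$1"; columns="$2"; limit="$3"
    dir=$(make_export_dir) || return 1
    dest="$dir/$table.csv"
    cmd=$(build_copy_cmd "$table" "$columns" "$limit" "$dest") || { rmdir "$dir"; return 1; }
    psql "$CONN" -v ON_ERROR_STOP=1 -c "$cmd" || return 1
    printf '%s\n' "$dest"
}
```

Usage: export_table users 'id,email' 1000 prints the path of a 0600 CSV holding at most 1000 rows of the two named columns. The identifier check matters because \copy is a psql client-side command: its argument is plain text, so an unvalidated table name taken from a chat message would be spliced into the command unchanged.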

What this means

Users may have to install the database client tools themselves, so the usual questions of package source and version trust apply.

Why it was flagged

The skill documents installing external database CLI tools through package managers, but the registry metadata declares no required binaries or install spec.

Skill content
| PostgreSQL | psql | brew install postgresql | apt install postgresql-client |
Recommendation

Install database clients from trusted package repositories and verify that the intended client is being run, for example by checking which binary is first on PATH (command -v psql) and its version (psql --version) before passing it any credentials.