Db Explorer
Review: Audited by ClawScan on May 15, 2026.
Overview
Db Explorer is a database-query helper whose capabilities are openly disclosed, but it needs sensitive database credentials and can run or export queries, so its use should be kept tightly scoped.
Install only if you want the agent to access databases. Use read-only, least-privilege credentials when possible, review exact commands before writes or exports, avoid putting real passwords directly in shell commands, and prefer bounded queries on production systems.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user approves a write query, the agent could change or delete database data.
The skill anticipates database mutations and provides confirmation safeguards. This is purpose-aligned, but database write authority can have high impact if used carelessly.
Read-only by default — Never run INSERT/UPDATE/DELETE/DROP without explicit user confirmation
Use read-only accounts for exploration, review the exact SQL before any write, and back up important data before approving changes.
Supplying powerful database credentials could let the agent view, export, or modify sensitive data within that account's permissions.
The skill needs database credentials to work. That is expected for its purpose, but those credentials grant whatever privileges the database account has.
Ask the user for: ... Connection string OR host/port/database/user/password
Provide least-privilege credentials, preferably read-only for exploration, and avoid pasting production admin passwords unless necessary.
Users may need to install database client tools, which should come from trusted package sources.
The skill documents external database client tools and package-manager install commands. These are user-directed and purpose-aligned, with no automatic install script shown.
PostgreSQL | psql | brew install postgresql | apt install postgresql-client
Install database clients from trusted repositories and keep them updated.
Running broad inspection commands on production systems could slow or disrupt a database service.
Enumerating all Redis keys can be expensive on large or production Redis instances. This is a database exploration command, but it should be bounded in live environments.
redis-cli -h host -p 6379 -a password KEYS "*"
Prefer bounded queries, sampling, or Redis SCAN with limits; avoid broad commands on production unless the user explicitly accepts the operational risk.
