Db Explorer

Pass

Audited by ClawScan on May 11, 2026.

Overview

This instruction-only database skill is coherent and purpose-aligned, but users should treat it as high-trust because it can use database credentials, run queries, and export data.

Before installing or using this skill, make sure you are comfortable giving the agent access to the target database. Prefer read-only credentials, review any write or export command before approving it, avoid putting passwords directly in shell commands, and clean up exported files containing sensitive data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If privileged database credentials are provided, the agent may be able to view or change sensitive data within that database.

Why it was flagged

The skill expects database credentials from the user. That is necessary for a database explorer, but those credentials may grant sensitive read or write access depending on the account used.

Skill content

Ask the user for: ... Connection string OR host/port/database/user/password

Recommendation

Use least-privilege, preferably read-only credentials unless a write task is explicitly needed; avoid sharing production admin passwords.

What this means

A confirmed write, delete, or drop command could change or destroy database records if the connected account has permission.

Why it was flagged

The skill documents potentially mutating database operations, but it also requires explicit user confirmation and transaction safety for writes.

Skill content

Read-only by default — Never run INSERT/UPDATE/DELETE/DROP without explicit user confirmation

Recommendation

Review the exact SQL or database command before approving it, use transactions where supported, and test against non-production data when possible.

What this means

Database contents may be saved to local files where they could persist after the task or be accessed by other local processes or users.

Why it was flagged

The skill includes local export examples that can write full query results to files. Exporting data is part of the stated purpose, but full-table exports may contain sensitive information.

Skill content

psql "$CONN" -c "\copy (SELECT * FROM table_name) TO '/tmp/export.csv' WITH CSV HEADER"

Recommendation

Export only the needed columns and rows, confirm the destination path, and delete sensitive export files when they are no longer needed.

What this means

Installing database client tools changes the local environment and depends on the trustworthiness of the package source.

Why it was flagged

The skill relies on external database CLI tools installed through package managers. The install steps are user-directed and expected for the purpose, with no automatic installer shown.

Skill content

Install (macOS) ... brew install postgresql ... Install (Linux) ... apt install postgresql-client

Recommendation

Install CLI tools only from trusted package repositories and keep them updated.