MSSQL
v1.0.2
Execute SQL Server queries and export results as delimiter-separated text. Use when the user asks to fetch, insert, update, or manage data in Microsoft SQL S...
by Umbra (@mohamed-hammane)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, required binaries (sqlcmd), and required env vars (MSSQL_HOST, MSSQL_DB, MSSQL_USER, MSSQL_PASSWORD) align with a tool that runs Microsoft SQL Server queries and exports delimiter-separated output. No unrelated services, credentials, or binaries are requested.
Instruction Scope
The SKILL.md and script keep scope to SQL Server operations. The script sources a credentials file (~/.openclaw/credentials/mssql.env), which is expected for DB access, and it can read SQL from a user-specified file path (--file). Sourcing the env file means that if the file contains malicious shell code, that code would be executed; this is an operational risk (not a mismatch) and should be mitigated by protecting the file and its contents. The script also exports MSSQL_PASSWORD into SQLCMDPASSWORD (to avoid showing it on the process command line), which is expected behavior for sqlcmd usage.
Install Mechanism
No install spec is provided (instruction-only plus a small script), so nothing is downloaded or written during install by the skill itself. Requiring sqlcmd to be present is appropriate and proportionate.
Credentials
The skill requests only the environment variables necessary for connecting to SQL Server (host, DB, user, password, optional port/encryption flags). The number and type of env vars are appropriate for the stated functionality. No unrelated credentials are requested.
Persistence & Privilege
always:false (default) and no install-time changes to other skills or system-wide settings are requested. The skill does not attempt to persist beyond its own files or change other skills' configuration.
Assessment
This skill appears to do what it says: run SQL Server queries via sqlcmd and emit delimiter-separated text. Before installing or using it, consider the following practical precautions:
- Protect the credential file (~/.openclaw/credentials/mssql.env): it is sourced by the script, so it must contain only trusted variable assignments and be file-permission restricted (e.g., chmod 600). Because the script 'sources' the file, any shell commands in it would be executed.
- Use least-privilege DB credentials: create a dedicated user with only the minimum permissions needed (ideally read-only for reporting tasks) to limit risk if credentials are compromised.
- Review and control SQL you run: the script imposes no query-level restrictions — destructive statements (DELETE, DROP) will run if the DB user has rights. When allowing an automated agent to issue queries, limit scope and require user confirmation for privileged operations.
- Secure transport and certificate options: the script supports encryption and a TRUST_CERT flag; prefer encrypted connections and only set trust-cert when you understand the implications.
- Protect output files: the script can write query results to arbitrary paths via --out; ensure downstream handling of those files does not leak sensitive data.
- Confirm sqlcmd version and installation source: the script expects sqlcmd v18+; install from official Microsoft packages for your platform.
Given the above operational precautions, the skill is internally consistent and appropriate for its described purpose.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
DB Clawdis
Bins: sqlcmd
Env: MSSQL_HOST, MSSQL_DB, MSSQL_USER, MSSQL_PASSWORD
