Skill v1.0.0

ClawScan security

SQL Profiler · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 12, 2026, 3:07 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is instruction-only and its requirements and instructions align with its stated purpose of analyzing SQL and EXPLAIN outputs — it does not request credentials, install software, or perform unexpected actions.
Guidance
This skill is instruction-only and analyzes SQL text you paste; it does not connect to databases or request credentials. Before using it, avoid pasting sensitive data (production connection strings, PII, or secrets) into the query or EXPLAIN text. If you need live profiling that queries your database, prefer a tool that integrates securely with your DB and follow your organization’s credential-handling policies. Otherwise, this skill appears coherent and appropriate for offline/explained SQL analysis.

Review Dimensions

Purpose & Capability
ok
The name and description (SQL analysis, EXPLAIN interpretation, optimization suggestions) match the SKILL.md, README, and package.json. No binaries, credentials, or external services are required, which is consistent for a skill that relies on user-provided queries and plans.
Instruction Scope
ok
The SKILL.md instructs the agent to accept queries and EXPLAIN text from the user and produce analysis/rewrite suggestions. It does not instruct the agent to read system files, fetch database credentials, or send data to third-party endpoints. Note: because it does not connect to databases itself, accuracy depends on the user pasting representative EXPLAIN/ANALYZE output.
Install Mechanism
ok
No install spec or code files that run at install time exist; this is instruction-only. The presence of README and package.json is informational only and there are no downloads or extracted archives.
Credentials
ok
No environment variables, credentials, or config paths are requested. That is proportionate for a tool that analyzes user-provided SQL text rather than connecting to databases.
Persistence & Privilege
ok
always is false and the skill is user-invocable. There is no indication it modifies other skills or requests permanent agent presence.