database-agent
v1.0.0本技能应用于 Java 后端开发场景中的数据库操作。提供慢 SQL 智能分析、表结构规范巡检、安全数据订正与测试数据自动生成的自动化辅助能力。当用户请求数据库优化、schema 验证、安全数据更新或需要为数据库生成测试数据时使用此技能。
⭐ 0· 8·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description, SKILL.md, and included scripts match: analysis, schema checks, safe-update validation, and test-data generation are implemented by the provided Python scripts and reference docs. The skill does not request unrelated cloud credentials or unrelated system access.
Instruction Scope
SKILL.md explicitly instructs running the bundled scripts, connecting to databases, generating backups/rollback scripts, and requiring confirmations for high-risk operations. It does not instruct reading unrelated system files or exfiltrating data to external endpoints. Note: the workflow expects a DB config (JSON) to be supplied to scripts, and these scripts will execute arbitrary SQL provided at runtime, so operator caution is required.
Install Mechanism
No install spec or external downloads are used — this is an instruction-and-bundle skill with all code included. No remote URLs, package installs, or archive extraction were present in the manifest.
Credentials
The skill declares no required environment variables, which is reasonable because DB credentials are supplied at runtime via config files. Ensure you do not supply high-privilege production credentials casually — the scripts need DB connection info (host/port/user/password/database/type) to operate.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide changes. It runs locally when invoked. Autonomous invocation is permitted by default (disable-model-invocation=false), which is normal and not by itself a red flag; there is no evidence of attempts to modify other skills or agent-wide settings.
Assessment
This skill is coherent for database maintenance tasks, but it performs operations that can modify data. Before installing or running it: (1) review the scripts (especially validate_data_correction.py and any execution paths) to confirm they require explicit confirmation and produce rollback scripts; (2) always provide a least-privileged test account (not root) and prefer a staging database; (3) inspect generated SQL before executing and run generated scripts in non-production first; (4) keep backups and audit logs, and enforce the >1000-row confirmation policy mentioned in SKILL.md; (5) if you will supply credentials as a JSON config file, store that file securely and avoid sharing production credentials with the skill unless you accept the risk. If you want higher assurance, ask for full content of the truncated scripts (analyze_slow_sql.py, validate_data_correction.py, generate_report.py, check_schema_compliance.py) so those can be reviewed for any unexpected behavior (network calls, hidden logging, or filesystem exfiltration).Like a lobster shell, security has layers — review code before you run it.
latestvk974h89v0rnwc37sjn5ha1tw3n84c4sv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.