Back to skill
Skillv0.10.0
ClawScan security
Warehouse UI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 5, 2026, 7:44 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are coherent with a database IDE CLI: it expects a local 'warehouse-ui' binary, a DATABASE_URL for auto-connect, and optional AI provider keys for its 'ai' feature.
- Guidance
- This skill appears to do what it says, but it runs a local binary you will need to install—verify the GitHub release (checksum/signature) before running. DATABASE_URL (or explicit connect) gives the tool DB access; prefer a least-privilege, read-only DB user for exploration. If you use BigQuery, provide a service-account JSON with only the needed permissions. The AI feature will send prompts/possibly schema or queries to OpenAI/Anthropic—avoid sending sensitive data there. If you are uncertain, review the upstream repository/releases and run the binary in an isolated environment (container or VM) before using it against production data.
Review Dimensions
- Purpose & Capability
- okName/description (universal DB CLI) aligns with required binary 'warehouse-ui' and primary credential DATABASE_URL. Supported DBs (Postgres, MySQL, SQLite, BigQuery, MongoDB) and BigQuery service-account usage are consistent with the stated capabilities.
- Instruction Scope
- noteSKILL.md instructs the agent to run the warehouse-ui binary and to read DB connection URLs, local SQLite files, and (optionally) a BigQuery service-account JSON path; these are expected. It also documents using OPENAI_API_KEY or ANTHROPIC_API_KEY for AI features — this implies sending queries or prompts to external model APIs, which is expected for the feature but means query text or schema might be transmitted externally. The SKILL.md does not instruct reading unrelated system files.
- Install Mechanism
- noteSKILL.md and its embedded metadata recommend downloading releases from GitHub Releases (reasonable, low-risk). There is a minor registry inconsistency: the top-level registry metadata indicated 'No install spec' while SKILL.md includes a 'github-release' install entry. The install source (GitHub Releases) is acceptable but users should verify release authenticity (checksums/signatures) before running a shipped binary.
- Credentials
- notePrimaryEnv DATABASE_URL is appropriate. The AI provider keys (OPENAI_API_KEY, ANTHROPIC_API_KEY) are referenced as optional for the 'ai' command but are not listed as required in the skill's top-level required-env metadata — this is reasonable for optional features. BigQuery's service-account JSON path is a necessary credential for that integration. Be mindful that using AI features will transmit query text (potentially sensitive) to third-party model APIs.
- Persistence & Privilege
- okSkill is not always-enabled and does not request elevated platform privileges. It does not instruct modifying other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with any other high-risk setting.