Mysql Manager
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it says—manage a local MySQL Docker container—but it can change local databases and should be configured with a non-default password.
This looks suitable for local development if you expect it to manage Docker and MySQL. Before installing or using it, set MYSQL_ROOT_PASSWORD to a non-default value, avoid running destructive commands on important data, remember that the Docker volume persists data, and treat the package provenance as limited because no source repository or homepage is provided.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the skill can start or stop the local MySQL container and change, copy, or delete local development databases.
The skill intentionally exposes Docker and database-administration actions, including data mutation and deletion. This matches the stated purpose and includes safeguards such as name validation and confirmation for drops, but users should notice the authority.
./run.sh create-db <name>; ./run.sh drop-db <name> # DROP DATABASE (interactive confirm); ./run.sh dump <src> <dest> # mysqldump src | mysql dest
Use it only for intended local-dev databases, review dump/drop targets carefully, and keep backups before destructive operations.
On a shared machine or shared Docker network, leaving the default password could let other local users or containers access the dev database as root.
The container initializes with a MySQL root password defaulting to 'secret' while binding the host port to localhost. This is disclosed and local-scoped, but it is still an administrative credential boundary.
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-secret}; ports: 127.0.0.1:${MYSQL_PORT:-3307}:3306Set a strong MYSQL_ROOT_PASSWORD before starting the container, especially if the database may contain real data or run on a shared host.
The database container and stored data can remain available after the task or after Docker restarts until the user stops or removes them.
The MySQL service is configured to persist and restart, and its data remains in a named volume. This is disclosed in the skill and appropriate for a dev database, but it is persistent background infrastructure.
restart: unless-stopped; volumes: mysql_data:/var/lib/mysql
Run the provided stop command when done, and remove the Docker volume only when you intentionally want to delete persisted database data.
Users have less external context for verifying the publisher or change history beyond the supplied package artifacts.
The registry metadata does not provide an external source or homepage for provenance. The included files are readable and no install hook is present, so this is a provenance note rather than evidence of hidden behavior.
Source: unknown; Homepage: none
Install only if you trust the registry package and the reviewed files; prefer packages with clear source provenance for production-sensitive workflows.