Skill v1.0.0

ClawScan security

SQL Data Analyst · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 4:29 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's declared purpose (natural-language → SQL, local CSV import, SQLite/Postgres/MySQL support) matches its instructions and config; it is an instruction-only skill that reads/writes local files and expects optional DB credentials via environment variables listed in its templates.
Guidance
This skill appears internally consistent with its stated purpose. Before installing or using it:
1) Do not point it at sensitive production databases unless you intend it to access them; give it a dedicated read-only user or a copy of the data where possible.
2) Review and, if needed, edit config/connections.json to disable auto_connect or auto_execute_select and to make sure log_queries and the file paths meet your policy.
3) Be aware it will create files under ./data and ./config (analyst.db, schemas, saved-queries.json).
4) If connecting to Postgres/MySQL, create least-privilege credentials and supply passwords through the environment variables named in the templates (PG_PASSWORD, MYSQL_PASSWORD); do not write passwords into the config file.
5) There are no signs of external network exfiltration in the provided files, but if the runtime environment allows outbound network access, treat any query results you export with the same caution as any other local data export.
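The following script turns guidance items 2 and 4 into a repeatable pre-install check. It is an added example, not code from the skill or from ClawScan: the review names the settings auto_connect, auto_execute_select and log_queries and the password_env names PG_PASSWORD / MYSQL_PASSWORD, but does not show the layout of config/connections.json, so the "settings" object plus "connections" list used here, the sample entries, and the helper names (audit, harden, read_only_grants) are all assumptions for illustration. It flags the weak settings, writes a hardened copy, and prints the least-privilege GRANT statements a DBA would run for the Postgres or MySQL account.

```python
"""Pre-install audit of a skill's config/connections.json.

Added example, not code from the skill or from ClawScan. The file layout
(a "settings" object plus a "connections" list) is an assumption; the
review only names the individual settings and password_env names.
"""
import copy
import json
import os
import re

# Constructed sample in the assumed layout; the two remote entries show the
# weak patterns the audit flags (admin accounts, an inline password).
SAMPLE_CONNECTIONS_JSON = """
{
  "settings": {"auto_connect": true, "auto_execute_select": true, "log_queries": false},
  "connections": [
    {"name": "local", "type": "sqlite", "path": "./data/analyst.db"},
    {"name": "sales-pg", "type": "postgres", "host": "db.internal", "database": "sales",
     "user": "postgres", "password_env": "PG_PASSWORD"},
    {"name": "crm-mysql", "type": "mysql", "host": "legacy.internal", "database": "crm",
     "user": "root", "password": "hunter2"}
  ]
}
"""

ADMIN_ACCOUNTS = {"postgres", "root", "admin", "sa"}
DEFAULT_PASSWORD_ENV = {"postgres": "PG_PASSWORD", "mysql": "MYSQL_PASSWORD"}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")      # plain SQL identifiers only
HOST = re.compile(r"[A-Za-z0-9_.%-]+")             # MySQL host pattern, no quotes


def load_sample():
    """Parse the constructed sample config."""
    return json.loads(SAMPLE_CONNECTIONS_JSON)


def audit(config, env=None):
    """Return (severity, message) findings; env defaults to the process environment."""
    env = os.environ if env is None else env
    findings = []
    s = config.get("settings", {})
    if s.get("auto_execute_select", False):
        findings.append(("medium", "auto_execute_select is on: generated SELECTs run without review"))
    if s.get("auto_connect", False):
        findings.append(("medium", "auto_connect is on: connections are opened as soon as the skill starts"))
    if not s.get("log_queries", False):
        findings.append(("low", "log_queries is off: no record of the SQL that was executed"))
    for c in config.get("connections", []):
        name, kind = c.get("name", "?"), c.get("type", "?")
        if kind == "sqlite":          # local file, no credentials involved
            continue
        if "password" in c:
            findings.append(("high", f"{name}: inline password in config; use password_env instead"))
        pe = c.get("password_env")
        if pe and pe not in env:
            findings.append(("low", f"{name}: password_env {pe} is not set in the environment"))
        if str(c.get("user", "")).lower() in ADMIN_ACCOUNTS:
            findings.append(("high", f"{name}: connects as {c['user']}; create a read-only user instead"))
    return findings


def harden(config):
    """Return a copy with the conservative settings the guidance recommends."""
    out = copy.deepcopy(config)
    out.setdefault("settings", {}).update(
        {"auto_connect": False, "auto_execute_select": False, "log_queries": True})
    for c in out.get("connections", []):
        if c.get("type") != "sqlite" and "password" in c:
            del c["password"]   # the secret must come from the environment, not the file
            c.setdefault("password_env", DEFAULT_PASSWORD_ENV.get(c["type"], "DB_PASSWORD"))
    return out


def read_only_grants(kind, database, user="analyst_ro", host="%"):
    """Statements a DBA runs to create the least-privilege login. '<password>' is a
    placeholder to be filled in out of band, never written into connections.json."""
    for ident in (database, user):
        if not IDENT.fullmatch(ident):
            raise ValueError(f"refusing to build SQL around identifier {ident!r}")
    if not HOST.fullmatch(host):
        raise ValueError(f"refusing to build SQL around host {host!r}")
    if kind == "postgres":
        return [
            f"CREATE ROLE {user} LOGIN PASSWORD '<password>';",
            f"GRANT CONNECT ON DATABASE {database} TO {user};",
            f"GRANT USAGE ON SCHEMA public TO {user};",
            f"GRANT SELECT ON ALL TABLES IN SCHEMA public TO {user};",
            f"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO {user};",
        ]
    if kind == "mysql":
        return [
            f"CREATE USER '{user}'@'{host}' IDENTIFIED BY '<password>';",
            f"GRANT SELECT ON {database}.* TO '{user}'@'{host}';",
        ]
    raise ValueError(f"unsupported connection type {kind!r}")


if __name__ == "__main__":
    cfg = load_sample()
    for sev, msg in audit(cfg):
        print(f"[{sev}] {msg}")
    print(json.dumps(harden(cfg)["settings"]))
    for stmt in read_only_grants("postgres", "sales"):
        print(stmt)
```

Run it against the real config/connections.json by replacing load_sample() with json.load on the file. Note that harden() can only fix what lives in the file: after it runs, the remaining findings are the administrative accounts, which have to be replaced on the database side with the output of read_only_grants(). The identifier checks exist because the database and user names are interpolated into SQL; anything that is not a plain identifier is rejected rather than quoted.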

Review Dimensions

Purpose & Capability
[ok] Name/description match the behavior in SKILL.md and the included config files. The skill is designed to translate questions into SQL, execute queries, import CSVs into a local SQLite DB, and save queries, all of which are reflected in config/connections.json, README.md, and SKILL.md. The Postgres/MySQL password_env entries (PG_PASSWORD, MYSQL_PASSWORD) in the templates are appropriate and expected for DB connectors.
Instruction Scope
[note] Instructions explicitly direct the agent to inspect schemas, read CSV files, create/use a local SQLite DB at ./data/analyst.db, store schemas under ./data/schemas/, and save queries under ./config/. It also auto-executes SELECT queries by default per settings (auto_execute_select: true). This behavior is coherent with the skill's purpose, but users should be aware that the skill will read whatever files and databases they point it at and will write schema and saved-query files into the workspace.
Install Mechanism
[ok] No install spec or external downloads; this is an instruction-only skill. Nothing is written by an installer; the runtime writes the standard local files (DB and config) described above. This is the lowest-risk install model.
Credentials
[ok] No required environment variables are declared. The config templates reference PG_PASSWORD and MYSQL_PASSWORD as optional password_env names, which is proportionate and expected for optional PostgreSQL/MySQL connections. No unrelated credentials are requested.
Persistence & Privilege
[note] always:false and user-invocable:true (defaults); no unusual privileges. The skill will create and modify files under ./data and ./config (schemas, the SQLite DB, saved-queries.json, logs) and may auto-connect to the local SQLite DB per config. Users should expect local file persistence, but there is no evidence that the skill modifies other skills or requests system-wide privileges.