Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

database-toolkit

v1.0.0

Execute SQL queries, maintain data, perform statistics, and backup SQLite/MySQL databases including local and remote connections.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Description promises SQLite/MySQL support, but the code bundle also includes Redis, PostgreSQL, and MongoDB client classes (database_enhanced.py, extra_db.py). Those additional capabilities are not documented in SKILL.md or the short description — this is a mismatch (extra capabilities that expand the attack surface).
Instruction Scope
SKILL.md instructs running queries, write operations and backups on local DB paths and remote MySQL. The instructions reference specific local DB file paths (data/*.db) and advise write actions. The code's example usage uses 'with DatabaseOps(...) as db' but DatabaseOps does not implement __enter__/__exit__ (runtime bug) which means the usage in the docs will error. Several write/backup operations (shutil.copy2) will touch the filesystem; the skill provides no guidance on limiting scope or asking for credentials securely.
Install Mechanism
There is no install spec (instruction-only), so nothing will be automatically downloaded — lowest install risk. requirements.txt lists pandas and comments about pymysql, but optional runtime dependencies (pymysql, psycopg2, pymongo, redis, DBUtils) are imported conditionally in code and are not declared as required environment/runtime variables. That is reasonable but should be noted: missing dependencies will cause parts of the code to raise ImportError or print messages.
Credentials
The skill declares no required env vars or primary credential, yet its MySQL/Postgres/Mongo/Redis classes obviously require database credentials to operate. There is no declared, structured mechanism for providing or protecting those credentials. Users might be asked to supply DB passwords directly at runtime — do not provide production credentials without isolation. The number of potential credential types (DB usernames/passwords for multiple DB engines, Redis) is larger than the stated purpose suggests.
Persistence & Privilege
always:false and no install script means the skill does not request permanent or privileged platform presence. It does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but that is not combined with 'always' or unusual privileges.
What to consider before installing
This skill is broadly a database utility, but there are notable mismatches and code bugs — treat it as untrusted until you review it. Specific actions:
- Do not supply production DB credentials. Test only with copies or throwaway credentials in an isolated environment.
- The package includes Redis/Postgres/Mongo client code that the description does not mention; if you don't need those, prefer a narrower tool.
- Several code issues exist (e.g., DatabaseOps is used with 'with' but the class lacks __enter__/__exit__, mysql_ops.backup references an undefined 'table') — expect runtime errors. Consider reviewing/fixing code before use.
- Backups use shutil.copy2 and will create files on disk — ensure paths are what you expect.
- Because dependencies are optional and imported at runtime, install only the libraries you need (pymysql, psycopg2, pymongo, redis) and run in a sandbox first.

If you plan to use it: audit the repo or run it in a restricted environment, provide only least-privilege DB accounts, and fix the documented implementation bugs before trusting it with important data.

Like a lobster shell, security has layers — review code before you run it.

MIT-0

Database Ops - Database Operations

Direct operations on SQLite/MySQL databases, with support for query/update/backup.

Last updated: 2026-04-13


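Feature Overview

  • 📊 Query data: SQL query execution
  • 🔧 Data maintenance: insert, delete, and update data
  • 💾 Backup and restore: database backup
  • 📈 Statistical analysis: statistics over the data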

Supported Databases

SQLite (local)

Paths:
- data/stock_profiles.db
- data/commodity_options.db
- data/financial_data.db
- lottery_v3.db

MySQL (remote)

To be configured:
- Host: localhost
- Port: 3306

Core Commands

1. Query

Command: db查询 [SQL]

Examples:
- db查询 SELECT * FROM stocks LIMIT 10
- db查询 SELECT code, name FROM stocks WHERE price > 100

2. Statistics

Command: db统计 [table name]

Examples:
- db统计 stock_profiles
- db统计 odds_history

3. Backup

Command: db备份 [database]

Examples:
- db备份 stock_profiles
- db备份 all

4. Table Structure

Command: db结构 [table name]

Examples:
- db结构 stocks
- db结构 odds_history

Common Query Templates

Stock data

```sql
-- Most recently collected stocks
SELECT code, name, price, change_pct 
FROM stocks 
ORDER BY update_time DESC LIMIT 10

-- Ranking by percentage change
SELECT code, name, change_pct 
FROM stocks 
ORDER BY change_pct DESC LIMIT 10
```

Sports lottery data

```sql
-- Most recent recommendations
SELECT league, home_team, away_team, prediction, odds 
FROM odds_history 
ORDER BY created_at DESC LIMIT 10

-- Hit-rate statistics
SELECT league, COUNT(*) as total, 
       SUM(CASE WHEN result = 'win' THEN 1 ELSE 0 END) as wins
FROM odds_history GROUP BY league
```

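Notes

  • Write operations require caution; backing up first is recommended
  • Queries on sensitive data must mask the results
  • Back up important data regularly
  • Mind performance when querying large volumes of data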
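
One way to enforce the first and last of these notes for the SQLite query command, as an added example that is not part of database_ops.py: the connection is opened read-only, an authorizer rejects anything that is not a read, and the row count is capped. `guarded_query`, `snapshot` and the sample table are hypothetical names introduced here.

```python
import sqlite3
import tempfile
from pathlib import Path

# Added example: guarded_query/snapshot are hypothetical helpers, not the skill's API.
# Authorizer action codes a plain SELECT needs (table reads and SQL functions).
READ_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def _deny_non_reads(action, arg1, arg2, db_name, source):
    # Called by SQLite while compiling a statement; anything outside
    # READ_ACTIONS (INSERT, DROP, ATTACH, PRAGMA, ...) is rejected.
    return sqlite3.SQLITE_OK if action in READ_ACTIONS else sqlite3.SQLITE_DENY


def guarded_query(db_path, sql, params=(), max_rows=1000):
    """Run one SELECT on a read-only connection and cap the rows returned."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # never creates the file
    conn = sqlite3.connect(uri, uri=True)
    try:
        conn.set_authorizer(_deny_non_reads)
        return conn.execute(sql, params).fetchmany(max_rows)
    finally:
        conn.close()


def snapshot(db_path, backup_path):
    """Copy the database with SQLite's online backup API before any write."""
    src = sqlite3.connect(db_path)
    dst = sqlite3.connect(backup_path)
    try:
        src.backup(dst)
    finally:
        dst.close()
        src.close()
    return backup_path


if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())
    db = work / "stock_profiles.db"  # constructed sample database
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE stocks (code TEXT, name TEXT, price REAL)")
    con.execute("INSERT INTO stocks VALUES ('000001', 'Test', 10.0)")
    con.commit()
    con.close()
    snapshot(db, work / "stock_profiles.bak.db")
    print(guarded_query(db, "SELECT code, name FROM stocks WHERE price > ?", (5,)))
    try:
        guarded_query(db, "DELETE FROM stocks")
    except sqlite3.DatabaseError as exc:
        print("blocked:", exc)
```

Unlike a file copy, `Connection.backup` takes a consistent snapshot even if another connection is writing to the database at the time.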

Code Implementation

Python implementation: database_ops.py

```python
from database_ops import DatabaseOps, sqlite_query

# Create a connection
db = DatabaseOps('data.db')

# Query
results = db.execute('SELECT * FROM stocks LIMIT 10')

# Insert
db.insert('stocks', {'code': '000001', 'name': 'Test', 'price': 10.0})

# Bulk insert
db.insert_many('stocks', [{'code': '1', 'price': 10}, {'code': '2', 'price': 20}])

# Statistics
count = db.count('stocks')
stats = db.stats('stocks')

# Backup
backup_path = db.backup('backup.db')

db.close()

# Quick query
results = sqlite_query('data.db', 'SELECT * FROM stocks')
```
