Back to skill
Skillv1.0.0
ClawScan security
Sql Injection Detection And Exploitation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 11:44 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and artifacts are internally consistent with a SQL injection penetration-testing / code-review guide; it requests no unrelated credentials or installs, but it contains explicit offensive techniques (exfiltration, OS command execution) that must only be used in authorized test scopes.
- Guidance
- This skill is coherent for authorized penetration testing and secure code review, but it contains explicit payloads and techniques that can extract data, cause delays, or execute OS commands if used against live systems. Only install or run this skill when you have written scope approval and a safe target environment (preferably a staging/test replica). Do not provide production credentials or attacker-controlled endpoints to the agent. Consider disabling autonomous invocation for this skill if you do not want the agent to run tests without manual confirmation, and ensure logging, monitoring, and backups are in place before any active testing. If you need a lower-risk alternative, use passive analysis or code-review-only workflows that avoid live exploitation steps.
- Findings
[no_findings] expected: The static regex scanner found no patterns. That's expected because this is an instruction-only skill (no code files) and the payloads/techniques are contained in prose and reference docs.
Review Dimensions
- Purpose & Capability
- okName and description match the content: the SKILL.md and reference file provide detection, fingerprinting, UNION- and blind-based extraction, filter bypass, out-of-band exfiltration, and OS-command escalation techniques expected for SQLi testing. No unrelated binaries, env vars, or installs are requested.
- Instruction Scope
- noteInstructions explicitly teach offensive techniques including blind/time-based inference, UNION extraction, out-of-band DNS/HTTP exfiltration, and platform-specific OS-command execution (xp_cmdshell, UTL_HTTP, SELECT INTO OUTFILE). These are coherent with the stated purpose (penetration testing and code review) but are inherently high-risk and could be misused if applied outside an authorized scope. The SKILL.md does include a written-authorization admonition and backup recommendation.
- Install Mechanism
- okInstruction-only skill with no install spec and no shipped code. This minimizes disk-write/installation risk. The regex scanner had nothing to analyze (expected for an instruction-only skill).
- Credentials
- okThe skill does not request environment variables, credentials, or config paths. It references database privileges and attacker-controlled endpoints only as operational concepts/examples rather than as required secrets. Requested access is proportional to a manual testing workflow.
- Persistence & Privilege
- okalways is false, no install, no attempt to modify other skills or system-wide settings. The skill can be invoked autonomously by the agent by default (normal platform behavior) but does not request elevated permanence.