DB Readonly
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: db-readonly
Version: 1.0.0
The skill is classified as suspicious primarily due to the arbitrary file write capability in `scripts/db_readonly.sh`. The `--out` parameter allows writing database query results to any specified file path. While intended for legitimate data export, this could be abused to overwrite critical system files (e.g., `/etc/hosts`, `/etc/resolv.conf`) with database output, potentially leading to denial of service or system disruption. Additionally, if sensitive data is queried, writing it to an insecure or publicly accessible location could lead to unintended data exposure. Although the `SKILL.md` and script include strong safeguards against non-read SQL, the file write capability introduces a significant risk without clear malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated or copied query could still have database side effects if it uses SQL forms not covered by the denylist or if the provided database account has write/admin privileges.
The script accepts supplied SQL and sends it to database CLIs after a finite keyword denylist and prefix check; it does not enforce a database read-only role/transaction, a parser-backed allowlist, or a single-statement boundary.
SQL="$2" ... grep -Eq '(^|[^a-z])(insert|update|delete|drop|alter|create|truncate|grant|revoke|replace|merge|call|do)([^a-z]|$)' ... psql_cmd+=( -P pager=off -c "$SQL" )
Use only dedicated read-only database accounts, require user review for every query, and strengthen enforcement with database-side read-only permissions plus a stricter parser or allowlisted query builder.
The agent may be able to inspect sensitive database tables, and the real permission boundary depends entirely on the database user you provide.
The skill requires database password environment variables. This is expected for the purpose, but it gives the agent the privileges of those DB accounts and is not reflected in the registry credential declarations.
`PGPASSWORD` ... `MYSQL_PASSWORD`
Provide credentials only for a least-privilege read-only account, and avoid exposing production/admin database passwords to the agent.
Installation or use may fail unexpectedly, and users may not notice that the skill relies on existing local database CLI tools.
The script depends on local PostgreSQL/MySQL clients, while the registry requirements list no required binaries. The dependencies are purpose-aligned but under-declared.
command -v psql >/dev/null 2>&1 || { echo "psql not found" ... }; ... command -v mysql >/dev/null 2>&1 || { echo "mysql client not found" ... }
Declare psql/mysql client requirements and the needed environment variables in the registry metadata.
