ClawHub

MongoDB Skill - 灵活的文档数据库管理

v1.0.0

MongoDB 文档数据库管理技能。通过自然语言查询、管理 MongoDB,支持文档查询、聚合操作、索引管理、地理空间查询等功能。当用户提到 MongoDB、NoSQL、文档数据库时使用此技能。

0· 152·0 current·0 all-time
by@ryanlee-gemini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (MongoDB management) matches the declared requirements: mongosh, mongodump, mongorestore, and pymongo are reasonable and expected for the documented features (queries, aggregation, backups, restore, indexing, geospatial).
Instruction Scope
SKILL.md contains typical MongoDB commands and examples (connection strings, find/aggregate/update examples, mongodump/mongorestore). It does include examples with plaintext connection strings (username:password) but does not instruct the agent to read unrelated files, exfiltrate data, or call third‑party endpoints. Recommend users avoid pasting production credentials into public inputs and use least‑privilege accounts.
Install Mechanism
No embedded install script that downloads arbitrary archives. package.json lists system installs (apt, brew) and pip install for pymongo — these are standard package managers and appropriate for the skill. No suspicious external URLs or extract-from-unknown-host steps are present.
Credentials
The skill does not require environment variables or secrets in its metadata. However, practical use requires supplying MongoDB connection strings/credentials to connect to databases; this is expected but users should provide only minimal-permission credentials and avoid exposing secrets to untrusted interfaces.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system-wide privileges or modify other skills. There is no evidence it attempts to alter agent/system configuration beyond normal install recommendations.
Assessment
This skill appears to be what it says: a MongoDB helper with command examples and install hints. Before installing or using it: (1) verify the referenced repository/homepage if you want higher assurance (package.json points to a GitHub repo and a homepage you can inspect), (2) only supply database connection strings/credentials for accounts with minimal privileges, not full admin accounts, (3) be careful when running mongorestore/mongodump — restore can overwrite data, and (4) installing system packages requires sudo/homebrew and is a normal step but review commands before running them. If you need stronger assurance, check the upstream repository and author and test on a non-production database first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dmm1h348t2f6cts2ha0amms83fj5f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments