MySQL Skill - Conversational Database Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed MySQL administration skill, but it normalizes high-impact database changes and restores without clear confirmation safeguards.

Install only if you intend to let an agent assist with real MySQL administration. Use a dedicated least-privilege account, prefer read-only credentials for analysis, protect credential files, and require manual review plus explicit confirmation before any write, delete, schema change, backup overwrite, or restore, especially on production databases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill’s activation scope is broad enough to trigger on many generic database-related requests, which increases the chance the agent invokes a powerful database-management capability when the user only wanted discussion, planning, or a safer read-only action. In context, this skill supports write operations, schema changes, backup, and restore, so overbroad activation can lead to unintended high-impact actions.

Missing User Warnings

High
Confidence
94% confidence
Finding
The documentation presents destructive operations such as UPDATE, DELETE, and table modifications as normal usage examples without explicit safeguards, pre-execution review, or confirmation requirements. Because this is an agent skill intended to translate natural language into database actions, users may trigger irreversible changes or broad data corruption from ambiguous prompts.

Missing User Warnings

High
Confidence
96% confidence
Finding
The restore workflow is described as a straightforward command without warning that restore can overwrite current data, reintroduce stale data, or destroy recent changes. In a conversational agent context, a simple user request like '恢复昨天下午的备份' ("restore yesterday afternoon's backup") could cause major data loss if executed without validation and confirmation.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
"kind": "system",
        "label": "Install MySQL Client",
        "commands": {
          "ubuntu": "sudo apt update && sudo apt install -y mysql-client",
          "macos": "brew install mysql-client"
        }
      }
Confidence
88% confidence
Finding
sudo

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
"kind": "system",
        "label": "Install MySQL Client",
        "commands": {
          "ubuntu": "sudo apt update && sudo apt install -y mysql-client",
          "macos": "brew install mysql-client"
        }
      }
Confidence
88% confidence
Finding
sudo

Chaining Abuse

High
Category
Tool Misuse
Content
"kind": "system",
        "label": "Install MySQL Client",
        "commands": {
          "ubuntu": "sudo apt update && sudo apt install -y mysql-client",
          "macos": "brew install mysql-client"
        }
      }
Confidence
91% confidence
Finding
&& sudo

VirusTotal

64/64 vendors flagged this skill as clean.
