ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

sqlite-reader

v1.0.0

Read and query SQLite database files. Use when user wants to inspect or extract data from .sqlite files, especially OpenClaw's main.sqlite memory database. S...

0· 113·0 current·0 all-time
by@senknight
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (read and query SQLite files, including OpenClaw main.sqlite) match the included Python script which performs table listing, schema inspection, SELECT queries, and CSV export. No unexpected binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md describes running scripts/read_sqlite.py and example commands, which is consistent with the script. One minor inconsistency: SKILL.md states a 'read_sqlite' tool is 'not yet implemented' and says 'need to create script first', but the repository already includes scripts/read_sqlite.py. The script also allows executing arbitrary SQL supplied by the user (expected for this tool) — exercise caution with untrusted queries/databases.
Install Mechanism
No install spec is provided (instruction-only with included script). No external downloads or package installs are required; the script uses only Python standard libraries (sqlite3, json, csv, argparse, os).
Credentials
No environment variables, credentials, or config paths are required. The script operates on a database file path supplied by the user, which is appropriate for the stated purpose.
Persistence & Privilege
Skill does not request persistent/always-on presence. Defaults allow autonomous invocation (platform default) but there are no other special privileges or modifications to other skills or system configs.
Assessment
This skill appears to do what it says: a small, local Python utility for inspecting SQLite files. Before using it, review the script yourself (it is included) and run it on a copy of any sensitive database. Be aware the script will execute arbitrary SQL you provide — do not run untrusted queries or point it at unknown database files. If you want extra safety, run the script in a sandboxed environment or container and verify file permissions for any exported CSVs. The only minor oddity is the SKILL.md text that claims the script 'needs to be created' even though scripts/read_sqlite.py is present.

Like a lobster shell, security has layers — review code before you run it.

latestvk9755d7k09bt5gfasp5f8g2qds832p3x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments