Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MySQL Slow Query Analyzer

v1.0.1

Parses MySQL EXPLAIN output and slow query logs, pinpoints performance bottlenecks, and gives index and SQL-rewrite optimization suggestions to improve query performance.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
View report →
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name and description (MySQL slow-query analysis) align with the provided code: the parser, suggestion generator, CLI, and tests all implement EXPLAIN and slow-log analysis. However, SKILL.md claims 'single file <500 lines' and a simple CLI-only distribution, while the package contains multiple modules (analyzer_parser.py, analyzer_suggestions.py, mysql_slow_query_analyzer.py, cli.py) plus tests. SKILL.md also advertises Pro/Team features (history, export, team sharing), yet there is no network or persistence implementation in the code. These are inconsistencies between documentation and code (likely non-malicious misdocumentation), but they are incoherent with the stated packaging claims.
Instruction Scope
SKILL.md runtime instructions ask the agent to parse EXPLAIN outputs, slow query logs, and SQL text provided by the user; neither the instructions nor the code ask the agent to read arbitrary system files, environment variables, or to send data externally. The code accepts user-provided strings and returns analysis. There is no instruction for the agent to fetch production logs on its own or to exfiltrate data.
Install Mechanism
No install spec is present (instruction-only installation), which matches the code being pure Python files. The repository is self-contained and uses only standard-library modules. There is no remote download, package installer, or archive extraction to evaluate. This is low-risk from an install-mechanism perspective.
Credentials
The skill declares no required environment variables, no credentials, and no config paths; the code does not reference network libraries or secret-bearing env vars. Requested privileges are proportionate to the described purpose.
Persistence & Privilege
Flags show always:false and disable-model-invocation:false (normal). The code does not persist credentials or modify other skills; it does not request long-term presence or elevated system privileges.
What to consider before installing
This package mostly appears to be what it advertises: a local Python-based MySQL EXPLAIN / slow-log analyzer that needs no credentials. However, SKILL.md contains contradictory statements you should clarify before installing or trusting the skill: (1) it claims 'single-file <500 lines' but the bundle contains multiple modules and sizeable test files; (2) it advertises Pro/Team features (history, export, team sharing) and pricing, yet the code contains no networking, telemetry, authentication, or server-side components — ask the author how those paid features are implemented and where data would be stored or sent. Recommended steps before use: (a) review the code locally (search for network/socket/urllib/requests usage) to confirm no hidden endpoints; (b) run the tests in an isolated environment (VM/container) to verify behavior; (c) if you plan to analyze production slow logs, make sure you sanitize sensitive data before pasting into any skill or tool; (d) confirm licensing and the expected installation/distribution method with the publisher. If the author cannot explain the pricing/backend claims, treat the Pro/Team lines as marketing only and prefer the local-only behavior observed in the code.


Tags: database, latest, mysql, optimization, performance
