ClawHub

MySQL慢查询分析器

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local MySQL slow-query analysis tool, with privacy and routing cautions but no artifact-backed malicious or high-impact hidden behavior.

Use this for local MySQL query and slow-log analysis, but redact production logs before sharing them with an agent or service. Remove secrets, customer data, tenant IDs, hostnames, emails, and sensitive SQL literals, and review any index or rewrite suggestions manually before applying them to a real database.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include generic terms like "slow query" and "查询优化", which can match a wide range of ordinary database-help requests beyond the narrowly intended skill scope. Overly broad activation can cause unintended routing, making the agent answer in a specialized mode when the user did not request this skill, which can degrade safety and correctness in multi-skill systems.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The skill framing is written entirely in Chinese and sets a fixed persona/goal without offering language negotiation, which can force Chinese-context responses for users who asked in another language. This is not a code-execution risk, but it can cause user-confusing behavior, misinterpretation of technical guidance, and unintended disclosure or mishandling if users paste sensitive logs expecting responses in another language.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal