sql-explain

Security checks across malware telemetry and agentic risk

Overview

This is a local SQL helper that can draft SQL, including write statements, but it does not access databases, credentials, files, or the network on its own.

Reasonable to install for local SQL help. Treat generated SQL as a draft, especially UPDATE or DELETE statements, and review it before running it against any database; also verify any download URL rather than using the README placeholder blindly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger phrase "这个sql怎么写" is broad enough to activate on common requests for general SQL authoring rather than the narrower explain/analyze use case. Overbroad activation can cause the skill to take over unrelated conversations, increasing the chance of unintended SQL generation or advice in contexts where the user did not explicitly request this skill.

Vague Triggers

Low
Confidence: 80%
Finding
The trigger list does not define clear boundaries for when the skill should or should not activate, so ordinary database-related requests may match unintentionally. This creates routing ambiguity and can lead to inappropriate invocation of a skill that also supports SQL generation and modification, which is a security and safety concern even without overtly malicious content.

Missing User Warnings

Medium
Confidence: 94%
Finding
The natural-language-to-SQL feature emits UPDATE and DELETE statements from loose text matching with no warning, confirmation, or safety guardrails. In an agent workflow, users or downstream tooling may treat the generated SQL as trusted and execute destructive statements that modify or delete data, especially because the templates normalize dangerous operations as routine outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
