Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
nl2sql (Skill)
v1.0.0
A complete Agent workflow that converts natural language into SQL queries and generates data-analysis reports. Uses a multi-Agent collaboration pattern: parallel sub-Agents vote on intent recognition, a generate-and-judge pattern does Schema Linking, ReAct self-repairs the SQL, and finally a Markdown report is generated. Trigger scenarios: - The user describes in natural language the data they want to query - The user wants to turn a question...
⭐ 0 · 85 · 1 current · 1 all-time
by @shlysz
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims to generate and execute SQL and to inspect table schemas/samples (execute_sql, get_table_schema). However, the registry metadata lists no required environment variables, no primary credential, and no required binaries/connectors. Executing SQL requires a DB connection (host/user/password/driver) or an adapter; that dependency is not declared, which is inconsistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run queries, probe table schemas, fetch sample data, and optionally run additional supplemental queries. Those actions can expose sensitive data (PII, credentials, business secrets). The instructions do not specify where results/reports are stored, any redaction rules, or an explicit user consent/confirmation step before executing queries or returning raw rows (result sets over 50 rows are summarized, but there is no hard row or column limit).
Install Mechanism
No install spec and no code files (instruction-only). This reduces risk from arbitrary code installation or external downloads; nothing will be written to disk by an installer.
Credentials
The skill requires access to a database to fulfill its purpose but declares no environment variables or credentials (DB_HOST, DB_USER, DB_PASS, connection string, or platform connector). That mismatch makes it unclear how the agent will authenticate to data sources. Also, there are no declarations around required minimum privileges (read-only user) or data scoping, which is disproportionate given the ability to query arbitrary tables and sample data.
Persistence & Privilege
The always flag is false and there is no install persistence. The skill can be invoked autonomously by the agent (the default), which is normal, but combined with the DB-querying behavior this increases risk if the agent is granted live DB access without restrictions.
What to consider before installing
Before installing, ask the skill author how the agent will connect to databases (what connector, which env vars or platform-provided connector), and require them to: (1) declare needed credentials and minimum required privileges (read-only), (2) document where reports/results are stored or transmitted, (3) enforce strict row/column limits and PII redaction rules, and (4) add an explicit confirmation step before executing any query against production data. If you must run this, supply a dedicated read-only test database or limit the agent's DB connection via network controls and audit logging. If you are uncomfortable with autonomous queries against live data, disable autonomous invocation or require user confirmation for each execution.
latest: vk978cdnwc50rfg0yyt9xhhx8rs83k1mv
