Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PostgreSQL Database

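PostgreSQL database operations skill. Used to execute SQL queries, manage tables, back up and restore, monitor performance, and perform other database operations. Trigger conditions: the user mentions PostgreSQL, postgres, database queries, SQL queries, table structure, database backups, and so on.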

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description, SKILL.md and included scripts all align with PostgreSQL tasks (query execution, schema export, backup/restore). However the registry metadata lists no required environment variables while the SKILL.md and scripts clearly expect PGHOST/PGPORT/PGDATABASE/PGUSER/PGPASSWORD — an inconsistency that should be resolved.
Instruction Scope
Runtime instructions are scoped to database operations and reference running the included Python scripts and PostgreSQL tools (pg_dump/pg_restore). The scripts read environment variables, write backup files to disk, and execute SQL — they do not call external network endpoints or exfiltrate data. One small mismatch: SKILL.md mentions 'performance monitoring' but there is no dedicated monitoring script; monitoring would be performed via queries (EXPLAIN, pg_stat_*), which is supported via query.py but not separately implemented.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is downloaded or written by an installer. The package includes Python scripts; risk comes from executing them, but there is no remote install URL or archive to fetch.
Credentials
The scripts legitimately require database connection credentials (PG* env vars). That access is proportionate to the stated purpose. The concern is the metadata omission of these env vars (metadata declares none), and the fact that PGPASSWORD is sensitive — you should only provide least-privilege credentials and verify where backups are stored and who can access them.
Persistence & Privilege
The skill is not force-included (always: false) and does not request persistent system privileges or change other skills' configuration. Autonomous invocation is allowed (platform default) but not combined here with other red flags.
What to consider before installing
This skill appears to implement the PostgreSQL features it claims, but before installing: (1) note the registry metadata omits required PG environment variables — the scripts expect PGHOST/PGPORT/PGDATABASE/PGUSER/PGPASSWORD, so supply only a least-privileged DB user. (2) Ensure pg_dump/pg_restore and psycopg2 are installed on the host; the scripts use subprocess to call pg_dump and will fail if absent. (3) Backups are written to disk (backup_dir) — verify the directory, permissions, and retention policy so backups are not exposed. (4) Review the scripts yourself if you don't fully trust the source: they execute arbitrary SQL and run pg_restore/pg_dump, which can modify or drop data when run with sufficient privileges. (5) If you plan to allow the agent to invoke autonomously, restrict credentials and consider creating a dedicated read/backup role (avoid superuser) to limit blast radius.
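A least-privilege role of the kind point (5) recommends, as an added example that is not part of the skill or of the scan report. The role name skill_backup and the password placeholder are hypothetical, mydb is taken from the SKILL.md usage examples, and pg_read_all_data assumes PostgreSQL 14 or later.

```sql
-- Added example: dedicated read/backup role to supply as the skill's PGUSER.
-- Run as a database administrator. "skill_backup" is a hypothetical name.

-- Login role with every elevated attribute explicitly disabled.
CREATE ROLE skill_backup
    LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION NOBYPASSRLS
    CONNECTION LIMIT 3
    PASSWORD '<placeholder: generate a unique secret>';

-- Make the connect privilege on the target database explicit.
GRANT CONNECT ON DATABASE mydb TO skill_backup;

-- Read access to all tables, views and sequences (PostgreSQL 14+),
-- which covers SELECT queries, schema export and pg_dump.
GRANT pg_read_all_data TO skill_backup;

-- Guard rail, not a boundary: sessions start read-only, but the role can
-- SET this off again, so the absence of write grants is the real control.
ALTER ROLE skill_backup SET default_transaction_read_only = on;

-- Verify: every attribute column should be false.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'skill_backup';

-- Verify: list user tables the role could still write to (expect 0 rows).
-- Rows here usually mean write privileges were granted to PUBLIC.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname NOT IN ('pg_catalog', 'information_schema')
  AND has_table_privilege(
        'skill_backup',
        format('%I.%I', schemaname, tablename),
        'INSERT, UPDATE, DELETE, TRUNCATE');
```

A role like this cannot run pg_restore into existing tables; keep restores on a separate, more privileged credential that is not exposed to autonomous invocation.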

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk977hedssh49gdfsvr8a16bse5820bd2

SKILL.md

PostgreSQL Database Skill

Overview

This skill provides comprehensive PostgreSQL database operations including query execution, schema management, backup/restore, and performance monitoring.

Capabilities

1. SQL Query Execution (scripts/query.py)

Execute SQL queries against PostgreSQL databases with support for:

  • SELECT queries with result formatting
  • INSERT/UPDATE/DELETE operations
  • Transaction support
  • Query result export (JSON, CSV)

2. Schema Export (scripts/schema_export.py)

Export database schema information:

  • Table structures (columns, types, constraints)
  • Indexes and foreign keys
  • Views and triggers
  • Export to JSON/Markdown format

3. Database Backup (scripts/backup.py)

Database backup and restore operations:

  • Full database backup using pg_dump
  • Table-specific backup
  • Point-in-time recovery support
  • Backup rotation management

4. Performance Monitoring

Monitor database performance:

  • Query execution plans (EXPLAIN ANALYZE)
  • Index usage statistics
  • Table size and row counts
  • Connection pool status

Usage

Query Database

python scripts/query.py --dbname mydb --query "SELECT * FROM users LIMIT 10"

Export Schema

python scripts/schema_export.py --dbname mydb --output schema.json

Backup Database

python scripts/backup.py --dbname mydb --backup-dir /backups

Requirements

  • PostgreSQL client tools (psql, pg_dump)
  • Python 3.7+
  • psycopg2 or asyncpg library

Configuration

Set environment variables:

  • PGHOST - Database host
  • PGPORT - Database port (default: 5432)
  • PGDATABASE - Database name
  • PGUSER - Database user
  • PGPASSWORD - Database password

Files

5 total