Concurrency Anomaly Detector
v1.0.0
Scan application code, SQL queries, or ORM code for exposure to the 6 database concurrency anomalies and produce a findings report with severity, affected lo...
by Hung Quoc To (@quochungto)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and tasks (grep code for transaction patterns, classify anomalies, recommend fixes) align with the declared inputs (codebase, optional doc) and listed tools (Read, Grep, Write). The declared dependency on a companion 'transaction-isolation-selector' is coherent.
Instruction Scope
SKILL.md instructs the agent to inspect repository files (docker-compose, dependency manifests, source files) and run grep-style pattern matching to identify transactional patterns; these actions are appropriate for a static code audit and do not direct the agent to read unrelated system files, exfiltrate data, or contact external endpoints.
Install Mechanism
No install spec or code is included (instruction-only). No downloads or archive extraction are performed, minimizing filesystem/write risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Its explicit requirement for database type/version (asked interactively) is reasonable to calibrate severity and is not a secret in itself.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills or system-wide settings. It runs as-needed against a provided project directory.
Assessment
This skill is an instruction-only static-audit that analyzes source code in the project directory for concurrency-anomaly patterns; it does not require credentials or install software. Before running it, ensure the agent is only given access to the intended repository (do not point it at systems containing secrets or unrelated projects). Expect false positives and human review of findings—this tool identifies structural risks and recommends mitigations, but any fix (changing isolation levels, adding locks, or retry logic) should be validated in a staging environment. If you need the tool to reason about the effective runtime isolation settings, supply database type and version (but avoid pasting production credentials).
Tags: audit, bookforge, code-review, concurrency, dirty-read, dirty-write, isolation-levels, latest, lost-update, mvcc, mysql, oracle, phantom-read, postgresql, race-conditions, read-skew, serializable, snapshot-isolation, sql-server, transactions, write-skew
Runtime requirements
📚 Clawdis
