Clickhouse Database
v1.0.0ClickHouse 数据库操作技能。通过 clickhouse-client CLI 连接数据库,执行 SELECT 查询、INSERT/UPDATE/DELETE 增删改、批量 SQL 执行、数据库/表管理、JSON 格式输出。适用场景:大数据查询、统计分析、数据导入导出、数据库巡检、表结构查看、远程连接、生...
⭐ 0· 22·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description and the SKILL.md are consistent: all examples and guidance use clickhouse-client to run SELECT/INSERT/ALTER/DELETE, parse JDBC URLs, export/import CSV, and format JSON. Nothing requested or referenced is unrelated to ClickHouse database operations.
Instruction Scope
The SKILL.md contains explicit shell commands (clickhouse-client, sed, jq) and examples that read/write files (script.sql, data.csv, /tmp/users.csv) and a recommended config file (~/.clickhouse-client/config.xml). It also shows setting CLICKHOUSE_PASSWORD as an env var. These are expected for a DB helper, but the agent (or user following the instructions) can execute arbitrary SQL—including destructive ALTER/DELETE or multiquery—so credentials and invocation scope should be limited accordingly.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes installation risk (nothing is downloaded or written by the skill itself). It does assume the host has clickhouse-client and jq installed.
Credentials
Registry metadata declares no required env vars or config paths, but SKILL.md examples reference CLICKHOUSE_PASSWORD and recommend a ~/.clickhouse-client/config.xml containing passwords. Requesting/using credentials is proportional for a DB skill, but users should be aware credentials may be provided as env vars or stored in a local config file (potentially plaintext).
Persistence & Privilege
Skill is not marked always:true and is user-invocable. It does not request persistent presence or modify other skills or system-wide settings.
Assessment
This skill is coherent for ClickHouse administration, but take these precautions before installing/using it: (1) ensure clickhouse-client and jq are installed from trusted sources; (2) provide the minimal-privilege DB credentials possible (ideally a read-only user for query tasks); (3) avoid exposing high-privilege credentials in environment variables or plaintext config files—if you must, restrict file permissions and consider using a secrets manager; (4) be cautious when allowing the agent to run multiquery / ALTER / DELETE statements—review queries before execution; (5) because the skill is instruction-only it won't install code itself, but the agent invoking these shell commands will have the same access as your agent runtime—limit autonomous invocation or restrict env vars if you don't want the agent to run destructive operations.Like a lobster shell, security has layers — review code before you run it.
latestvk97exkdx90vv8mzhk1r9rwwb4x84eds9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.