ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DB Smart Import

v1.0.0

Intelligent database import from .csv and .sql dumps into MySQL, MariaDB, and SQLite. Analyzes schemas, parses SQL dumps, suggests column mappings based on c...

0· 9·0 current·0 all-time
by@jarbcs1-prog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included scripts (analyze_schema.py, map_columns.py, execute_import.py) align with the stated functionality (analyzing CSV/SQL, suggesting mappings, and importing into SQLite/MySQL). There are no unrelated environment variables, external endpoints, or unexpected binaries requested.
Instruction Scope
SKILL.md instructs the agent to read local CSV/SQL files and connect to local/remote databases and explicitly warns to review mappings and backup databases first — this matches the scripts. Note: execute_import.py will execute every SQL statement from a dump (split naively on ';'), so running it will perform arbitrary SQL operations against the target DB as intended; users must ensure they want that. The scripts also accept DB credentials on the command line (examples show --password), which is expected but exposes passwords on process lists.
Install Mechanism
Instruction-only with no install spec. The only optional dependency is mysql-connector-python, which the code imports conditionally and reports clearly if missing. No downloads or external installers are used.
Credentials
The skill declares no required environment variables or secrets. The scripts accept DB credentials as CLI args (host/user/password) which is appropriate for database access. No unrelated credentials or config paths are requested.
Persistence & Privilege
always is false; the skill does not request persistent or privileged system presence and does not modify other skills or system agent configuration.
Assessment
This skill appears to do what it claims, but it's powerful: it will execute SQL statements from dumps and write data to databases. Before using it, (1) never run SQL dumps or imports against production without a backup and review; (2) avoid passing passwords on the command line on multi-user systems (they appear in process listings); (3) validate table names and mappings — the scripts build SQL identifiers with string formatting and could misbehave if given untrusted names; (4) install mysql-connector-python only if you need MySQL support; and (5) inspect any dump files for destructive statements (DROP, DELETE, ALTER) before executing. If you need higher assurance, run the scripts in a sandbox or on a copy of your database first.

Like a lobster shell, security has layers — review code before you run it.

csvvk97231thfmrrbwvx74mq4p8t2584gx3vdatabasevk97231thfmrrbwvx74mq4p8t2584gx3vimportvk97231thfmrrbwvx74mq4p8t2584gx3vlatestvk97231thfmrrbwvx74mq4p8t2584gx3vmigrationvk97231thfmrrbwvx74mq4p8t2584gx3vsqlvk97231thfmrrbwvx74mq4p8t2584gx3v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments