Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
dbdoctor-tools
v1.0.5
DBdoctor database performance diagnosis platform tools. Invoke when user needs to query database instances, slow SQL, inspection reports, performance metrics...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md broadly match the stated purpose (database diagnosis, slow-SQL, audits, instance management). However the registry metadata lists only DBDOCTOR_URL as required, while SKILL.md and common/config.py require additional credentials (DBDOCTOR_USER/DBDOCTOR_PASSWORD for password mode or DBDOCTOR_EMAIL for email mode). That mismatch is incoherent and will cause runtime failures or unexpected prompts unless those extra env vars are provided.
Instruction Scope
Runtime instructions and the included scripts call the DBdoctor API and perform both read-only queries and privileged write actions (execute_sql, manage_instance). The code:
- reads a local .env in the package directory as a legacy fallback,
- prompts interactively for email verification codes (not suitable for non-interactive/autonomous runs),
- caches session tokens to a .token_cache file, and
- disables TLS verification on HTTP requests (requests.* verify=False).
None of these are out-of-purpose, but the interactive prompt, token persistence, and unverified HTTPS requests expand the operational scope and risk and should be reviewed.
Install Mechanism
There is no external download/install spec; the skill is bundled as code with a requirements.txt (requests, pycryptodome, python-dotenv). Dependencies are standard and expected for the functionality. No remote arbitrary download URLs or extract steps were found.
Credentials
The registry declares only DBDOCTOR_URL required, but the SKILL.md and code legitimately require sensitive environment variables for operation (DBDOCTOR_USER and DBDOCTOR_PASSWORD for password mode, or DBDOCTOR_EMAIL for email-login). The skill will store a session token in .token_cache. The code also embeds static AES keys for encryption/decryption of credentials/legacy storage; while explainable for compatibility, embedded keys increase attack surface. Requiring plaintext DB credentials for manage_instance and allowing execute_sql (which can run arbitrary SQL) are expected but high-privilege and must be considered proportionally.
Persistence & Privilege
The skill does not set always: true and does not alter other skills. It persists an API session token to .token_cache in the package directory. That persistence is limited but means tokens survive runs; token caching and automatic re-login are normal for convenience but you should be aware of where the token is stored and who can read it.
Scan Findings in Context
[base64-block] unexpected: A base64-block pattern was detected inside SKILL.md content by the pre-scan. This may indicate an attempt at prompt-injection or hidden payloads inside documentation. The code itself uses base64 in legitimate AES encoding/decoding, but any base64 data embedded in SKILL.md merits manual review before trusting the skill.
What to consider before installing
This package appears to be the real DBdoctor CLI-style toolkit, but there are a few red flags you should address before installing:
- Provide required credentials only after confirming which login mode you'll use: the package actually needs DBDOCTOR_URL plus either DBDOCTOR_USER+DBDOCTOR_PASSWORD (password mode) or DBDOCTOR_EMAIL (email mode). Registry metadata listing only DBDOCTOR_URL is inaccurate. Expect interactive prompts if using email mode.
- Review and accept that two scripts are privileged: execute_sql (runs arbitrary SQL) and manage_instance (registers DB instances). Do not run those against production systems without review and proper credentials/approvals.
- The HTTP client disables TLS verification (requests with verify=False). That makes network traffic vulnerable to MITM; prefer configuring a secure endpoint (https with valid certs) or patching the code to enable verification.
- The tool caches a session token to .token_cache in the package directory. If that file or directory is shared, consider its permissions or clear it after use.
- The code contains embedded static AES keys used for compatibility/legacy decryption; while used for convenience, embedded keys reduce secrecy and warrant caution with where you run this tool and what secrets you supply.
- The pre-scan flagged a base64 block in SKILL.md. Inspect the SKILL.md and any embedded content for hidden instructions or data before trusting the package.
If you proceed: run it in an isolated/sandbox environment first, inspect the scripts you intend to use (especially execute_sql/manage_instance), and only supply credentials that are scoped/limited for testing. If you need higher confidence, ask the publisher for clarification on required env vars, the base64 content, and whether verify=False can be changed to verify TLS certificates.
Runtime requirements
Env: DBDOCTOR_URL
