ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

数据库锁分析与死锁检测

v1.0.0

数据库锁分析与死锁检测,支持当前锁分析、死锁检测、锁等待链追踪。 使用场景: - 用户说"看锁" → 执行 analyze - 用户说"死锁" → 执行 deadlocks - 用户说"阻塞" → 执行 chains - 用户说"终止事务" → 执行 kill <事务ID> 用法: - dbskiter --ou...

0· 23·0 current·0 all-time
by@magicczc

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for magicczc/dbskiter-db-lock-analyzer.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "数据库锁分析与死锁检测" (magicczc/dbskiter-db-lock-analyzer) from ClawHub.
Skill page: https://clawhub.ai/magicczc/dbskiter-db-lock-analyzer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install dbskiter-db-lock-analyzer

ClawHub CLI

Package manager switcher

npx clawhub@latest install dbskiter-db-lock-analyzer
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill clearly targets database lock analysis, deadlock detection, and killing transactions — functionality that matches the name/description. However, the runtime instructions rely entirely on a CLI tool named 'dbskiter' (and its --database argument) even though the skill metadata lists no required binary or install mechanism. The dependency on that CLI should have been declared.
!
Instruction Scope
SKILL.md instructs the agent to run shell commands (dbskiter ... lock analyze/deadlocks/chains/kill) which will interact with databases and can be destructive (kill <transaction_id>). The instructions do not describe how authentication/connection to the database is obtained (no env vars, config paths, or credential guidance), and they give the agent discretion to run 'kill', which can terminate production transactions. The scope is narrowly relevant but lacks safeguards and context.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written to disk by the skill itself. That is low-risk in itself, but because it expects an external executable (dbskiter) without providing provenance or an install method, you cannot verify the origin or trustworthiness of that CLI from the skill package alone.
!
Credentials
The skill requests no environment variables or credentials in metadata, yet it requires access to databases. Practical use will require DB connection credentials or environment configuration outside the skill. The lack of declared primary credential or guidance on where credentials come from is a mismatch and a potential security/operational risk (accidental use of privileged credentials, or unclear credential storage).
Persistence & Privilege
The skill is not always-enabled and does not request special platform persistence. It does allow normal autonomous invocation (platform default). Combined with the ability to run destructive 'kill' commands, autonomous invocation increases risk, but that is a platform-level default rather than a property unique to this skill.
What to consider before installing
This skill appears to do what it says (analyze locks, detect deadlocks, trace chains, and kill transactions), but it assumes a command-line tool named 'dbskiter' and database connectivity without declaring them. Before installing or enabling it: 1) Confirm you have a trusted 'dbskiter' binary on the agent host and verify its provenance/version; 2) Decide how database credentials will be provided (and ensure least privilege — read-only for analysis, separate privileged creds for any kill operations); 3) Consider adding safeguards (require explicit user confirmation before running any 'kill' command, restrict the skill to non-production databases, or log and audit its actions); 4) If you need to allow autonomous invocation, restrict the agent's ability to execute destructive commands or require explicit approval for transaction termination. If the maintainer can supply an explicit required-binaries list and clear credential/connection instructions, re-evaluate — currently the mismatch between declared requirements and runtime expectations is the main concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk97772bda8mzst1wzj2pn18e7x85pn6d
23downloads
0stars
1versions
Updated 9h ago
v1.0.0
MIT-0
@magicczc
latest
Download

锁分析 Skill

何时使用

当用户提到以下关键词时,使用此skill:

用户说法执行命令说明
"看锁"dbskiter --output-mode=ai --database=<name> lock analyze分析当前锁情况
"死锁"dbskiter --output-mode=ai --database=<name> lock deadlocks检测死锁
"阻塞"dbskiter --output-mode=ai --database=<name> lock chains追踪锁等待链
"锁报告"dbskiter --output-mode=ai --database=<name> lock report生成锁分析报告
"终止事务"dbskiter --output-mode=ai --database=<name> lock kill <id>终止阻塞事务

核心命令

1. 分析当前锁

dbskiter --database=<数据库名> lock analyze

输出:总锁数、等待中锁数、已授予锁数

2. 检测死锁

dbskiter --database=<数据库名> lock deadlocks

输出:死锁数量、涉及事务、解决建议

3. 追踪锁等待链

dbskiter --database=<数据库名> lock chains

输出:锁等待链数量、链深度、阻塞源头

4. 终止事务

dbskiter --database=<数据库名> lock kill <transaction_id>

注意:谨慎使用,会强制终止事务

锁类型

  • TABLE:表锁
  • ROW:行锁
  • METADATA:元数据锁

数据库支持情况

数据库锁分析死锁检测锁等待链说明
MySQL完整支持支持支持完全可用
PostgreSQL完整支持支持支持完全可用
Oracle完整支持支持支持完全可用

AI决策流程

场景1:用户说"看看锁情况"

步骤1:执行 dbskiter --database=<name> lock analyze
步骤2:查看锁统计信息
步骤3:如果有等待锁,执行 dbskiter --database=<name> lock chains 查看阻塞链
步骤4:总结锁情况给用户

场景2:用户说"有死锁吗"

步骤1:执行 dbskiter --database=<name> lock deadlocks
步骤2:如果有死锁,列出涉及的事务和SQL
步骤3:给出解决建议(如终止某个事务)

场景3:用户说"有阻塞"

步骤1:执行 dbskiter --database=<name> lock chains
步骤2:分析阻塞链,找出阻塞源头
步骤3:建议终止阻塞源头事务或优化业务逻辑

Comments

Loading comments...