Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SQL Full-Lifecycle Audit (SQL全生命周期审核)

v1.0.0

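Full-lifecycle SQL auditing, supporting SQL standards review, performance evaluation, and DDL impact analysis. Use cases:
- User says "audit SQL" → run sql "<SQL>"
- User says "check standards" → run sql "<SQL>"
- User says "DDL impact" → run ddl "<DDL>"
- User says "view rules" → run rules
Usage: ...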

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for magicczc/dbskiter-db-sql-auditor.

Install the skill "SQL全生命周期审核" (magicczc/dbskiter-db-sql-auditor) from ClawHub.
Skill page: https://clawhub.ai/magicczc/dbskiter-db-sql-auditor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install dbskiter-db-sql-auditor

ClawHub CLI

npx clawhub@latest install dbskiter-db-sql-auditor

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill is described as an SQL auditing tool and the SKILL.md repeatedly references the dbskiter CLI and appropriate audit/ddl/optimize commands — that aligns with the stated purpose. However, the manifest does not declare dbskiter as a required binary and gives no detail about how the CLI will authenticate to target databases (no required env vars/config paths). A legitimate SQL-audit skill would normally declare the CLI dependency and how to supply DB credentials or connection config.
! Instruction Scope
Runtime instructions explicitly tell the agent to run dbskiter commands using a --database=<name> argument and to audit files by path. The SKILL.md assumes the existence of a working dbskiter installation and an accessible database connection but does not instruct how credentials or connection strings are provided or protected. That omission grants the agent broad implicit authority (it may end up accessing databases or local files) without declaring those requirements.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer or archive to review. This lowers install-time risk. However, the SKILL.md depends on an external CLI (dbskiter) that is neither provided nor declared.
! Credentials
The skill requires connecting to databases (per the commands) but declares no required environment variables, primary credential, or config paths. That is disproportionate: database credentials/connection info are necessary for the described functionality and should be explicitly declared. The omission makes it unclear how secrets are supplied and handled.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but does not combine with other privilege escalations in the manifest.
What to consider before installing
Before installing or enabling this skill:
1) Ask the author to declare required dependencies (explicitly list dbskiter as a required binary and its minimum version).
2) Require explicit documentation for how database connections/credentials are supplied (environment variables, config files, or an external connector) and ensure least-privilege credentials are used (read-only, limited-schema).
3) Verify dbskiter's provenance (official website/GitHub release) and review what data it sends off-host — confirm it doesn't exfiltrate data.
4) Be cautious about the 'audit file <path>' feature: it may cause the agent to read arbitrary local files; run initially in a sandbox or with non-sensitive sample files.
5) If you want to proceed safely, request an updated skill manifest that lists required binaries and required env vars or config paths; with that information the coherence and risk can be reassessed.

latest: vk979d7fchddqhfsbbph8c193sd85pwkc
32 downloads
0 stars
1 version
Updated 5h ago
v1.0.0
MIT-0

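SQL Audit Skill

When to Use

Use this skill when the user mentions any of the following keywords:

| User says | Command | Description |
|---|---|---|
| "audit SQL" (审核SQL) | dbskiter --output-mode=ai --database=<name> audit sql "<SQL>" | Audit a single SQL statement |
| "check standards" (检查规范) | dbskiter --output-mode=ai --database=<name> audit sql "<SQL>" | Check SQL against the standards |
| "DDL impact" (DDL影响) | dbskiter --output-mode=ai --database=<name> audit ddl "<DDL>" | Analyze DDL impact |
| "audit file" (审核文件) | dbskiter --output-mode=ai --database=<name> audit file <path> | Audit a SQL file |
| "view rules" (查看规则) | dbskiter --output-mode=ai --database=<name> audit rules | View the audit rules |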

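Core Commands

1. Audit SQL

dbskiter --database=<database-name> audit sql "SELECT * FROM users WHERE id = 1"

Output: audit score, list of issues, fix suggestions

Scoring criteria

  • 90-100: pass
  • 80-89: warning
  • <80: fail

2. DDL Impact Analysis

dbskiter --database=<database-name> audit ddl "ALTER TABLE users ADD COLUMN age INT"

Output: estimated execution time, risk points, recommendations

3. Audit a SQL File

dbskiter --database=<database-name> audit file queries.sql

Purpose: batch-audit multiple SQL statements

4. View Rules

dbskiter --database=<database-name> audit rules

Output: list of all audit rules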

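5. SQL Optimization

dbskiter --database=<database-name> audit optimize "SELECT * FROM users WHERE age > 18"

Function: intelligently optimizes SQL, providing rewrite suggestions, index recommendations, and cost estimates

6. Index Recommendation

dbskiter --database=<database-name> audit recommend-indexes "SELECT * FROM orders WHERE user_id = 1"

Function: analyzes the SQL and recommends suitable indexes

7. Execution Plan Analysis

dbskiter --database=<database-name> audit analyze-plan --plan="EXPLAIN output"

Function: analyzes the execution plan and identifies performance bottlenecks

8. Cost Estimation

dbskiter --database=<database-name> audit estimate-cost "SELECT * FROM users"

Function: estimates SQL execution cost (I/O, CPU, memory)

9. SQL Rewrite

dbskiter --database=<database-name> audit rewrite "SELECT * FROM users WHERE id = 1"

Function: automatically rewrites SQL to eliminate common performance problems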

Audit Types

  • syntax: syntax standards
  • performance: performance standards
  • security: security standards
  • style: coding style
  • ddl: DDL standards

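AI Decision Flow

Scenario 1: the user says "audit this SQL"

Step 1: Extract the SQL provided by the user
Step 2: Run dbskiter --database=<name> audit sql "<SQL>"
Step 3: Interpret the audit score and the list of issues
Step 4: Give fix suggestions

Scenario 2: the user says "what impact does this DDL have"

Step 1: Extract the DDL statement
Step 2: Run dbskiter --database=<name> audit ddl "<DDL>"
Step 3: Interpret the impact analysis results
Step 4: Give execution recommendations (for example, run during off-peak hours)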
