SQL Query Generator
v0.3.0
Generate secure SQL queries with validation, pagination helpers, risk analysis, and audit-focused safeguards.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Benign, high confidence
Purpose & Capability
The name/description (secure SQL query generation, validation, pagination, audit) align with the included Python implementation, examples, and tests. The code implements validators, query builders, rate limiting, and audit logging described in the README/SKILL.md. Minor provenance mismatches exist in README/SKILL.md (placeholder clone URLs and different GitHub user strings), and the package source is listed as unknown — this is an origin/packaging inconsistency but does not contradict the declared functionality.
Instruction Scope
SKILL.md limits runtime instructions to generating and validating SQL, using parameterized queries, and following security guidelines. It does not instruct reading unrelated system files or exfiltrating data. Note: the implementation writes audit logs (sql_audit.log) and records user_id/IP if provided; agents using the skill may be asked to supply user identifiers or IP addresses for rate-limiting/audit, which has privacy implications and should be considered.
Install Mechanism
There is no install spec — the skill is instruction/code-bundle only (low install risk). The README and SKILL.md recommend optional pip installs for DB drivers; no downloads from arbitrary URLs or archive extractions are specified. Running the code will create local log files, but there is no remote code fetch or execution of externally downloaded artifacts.
Credentials
The skill requests no environment variables or credentials. To actually execute generated queries you will need usual DB credentials (not requested by the skill). The code sanitizes logs and redacts patterns like api_key/token/secret, but you should avoid supplying production DB credentials to an untrusted environment — the skill itself does not demand unrelated secrets.
Persistence & Privilege
always: false (normal). The skill creates local audit logs (default: sql_audit.log) and keeps rate-limiting/audit state in memory/file; this is expected for audit functionality. It does not request system-wide privilege escalation or modify other skills' configs. Confirm where audit logs are written and who can read them in your deployment environment.
Assessment
This package appears coherent with its stated goal (secure SQL generation) and includes validators, tests, and audit logging. Before installing or running it in production:
1) Verify the repository origin and author (SKILL.md/README contain placeholder or mismatched repo names).
2) Review where audit logs (sql_audit.log) will be created and who can access them — logs may contain user IDs or IPs even if sanitized.
3) Run the provided security_tests.py in an isolated environment to confirm behavior.
4) Do not hand production DB credentials to the skill or allow it autonomous access to your production database until you’ve audited the code and confirmed acceptable privacy/operational controls.
5) Be skeptical of absolute claims like “100% detection” — treat those as marketing and validate with your own tests.
Like a lobster shell, security has layers — review code before you run it.
