SQL Query Reviewer
v1.0.0
Reviews SQL queries for correctness, security risks, and performance issues; provides a structured report with severity ratings and optimized rewrites.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (review SQL for correctness, security, performance) matches the SKILL.md instructions. No unrelated environment variables, binaries, or install steps are required. The lack of homepage/source is inconvenient for provenance but does not create an obvious capability mismatch given this is instruction-only.
Instruction Scope
Instructions focus on static analysis of SQL provided by the user and list specific checks to run. They do not instruct reading system files, environment variables, or contacting external endpoints. One item to note: the 'self-improvement' instruction asks the agent to count findings across reviews and surface top anti-patterns after 20 reviews — that implies maintaining state across runs (agent memory or external storage) but the skill gives no guidance on how/where to persist that data.
Install Mechanism
No install spec and no code files — lowest-risk, instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The checks described (injection patterns, indexes, joins, etc.) are consistent with this lack of external credentials.
Persistence & Privilege
always:false and no elevated privileges — appropriate. However, the self-improvement instruction implicitly requires persistence of review counts; if the agent implements that by writing to memory or storage, users should be aware that aggregated findings may be retained. The skill itself does not request persistent privileges or system-wide changes.
Assessment
This skill is coherent and appears to do static SQL review only. Before installing: (1) avoid pasting sensitive production data (passwords, full PII) into queries you submit; (2) if you are uncomfortable with the 'self-improvement' behavior, check whether your agent stores review counts or shared memory — the skill's instructions expect the agent to track counts but do not specify where; (3) remember the skill is not connecting to your database — it cannot run queries or validate runtime plans, so provide approximate table sizes or explain hot-path context when you need realistic index advice; (4) prefer using on-prem or vetted tools if you need guaranteed data privacy. Overall this skill is consistent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
latest vk97d4w0b8k4bhag14z266pzb2h83dmh0
