Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sqlformat

v2.0.0

Format, lint, and pretty-print SQL with dialect conversion. Use when checking style, validating syntax, formatting queries, generating clean SQL.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bytesagain3/sqlformat.

Install the skill "Sqlformat" (bytesagain3/sqlformat) from ClawHub.
Skill page: https://clawhub.ai/bytesagain3/sqlformat
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sqlformat

ClawHub CLI


npx clawhub@latest install sqlformat
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the implementation: a bash-based CLI that formats/lints/records SQL-related entries. Required tools and declared capabilities align with a local devtool.
Instruction Scope
SKILL.md and script instruct the agent to accept SQL input and record timestamped entries to local log files (~/.local/share/sqlformat by default). This is within scope for a logger/formatter, but it means any SQL you pass (including connection strings, queries with literals, or credentials) will be stored in plain text. The SKILL.md does not explicitly warn about logging sensitive data.
Install Mechanism
No install spec or downloads are present; the skill is instruction + a local bash script. No external package installs or remote downloads are used.
Credentials
No credentials or secret environment variables are required. One optional env var (SQLFORMAT_DIR) controls storage location, which is reasonable. However, the skill's logging behavior creates a data persistence risk for any sensitive SQL passed to it.
Persistence & Privilege
The skill creates and writes only its own data directory under the user's home (~/.local/share/sqlformat by default). always:false and no system-wide configuration changes are requested.
Assessment
This skill appears to be a straightforward local SQL formatting/linting CLI that stores all inputs in plain-text log files. Before installing or running:
1) Inspect the full script (the provided script snippet appears truncated in the review copy) to confirm there are no hidden network calls or unexpected commands.
2) Avoid passing any sensitive data (passwords, connection strings, or PII) to the tool; anything you pass can be logged.
3) If you need to use it with sensitive queries, set SQLFORMAT_DIR to a secure directory with restrictive permissions (chmod 700) or use a temporary/sandboxed account.
4) Periodically review and securely delete logs (or add redaction) if they contain secrets.
5) Because the tool stores data locally, there is no automatic exfiltration observed in the visible code, but verify the remainder of the script before trusting it in sensitive environments.


latest: vk97fej699xhb77jkzsntwzkxzh835n9c
219 downloads
0 stars
1 version
Updated 14h ago
v2.0.0
MIT-0

SQLFormat

SQL query formatter, linter, and devtools toolkit. Check SQL style, validate syntax, format and pretty-print queries, lint for best practices, explain execution plans, convert between dialects, and manage SQL templates — all from the command line.

Commands

Run sqlformat <command> [args] to use. Each command records timestamped entries to its own log file.

Core Operations

Command             Description
check <input>       Check SQL code for style or correctness issues
validate <input>    Validate SQL syntax against rules
generate <input>    Generate formatted SQL snippets or boilerplate
format <input>      Format and pretty-print a SQL query with proper indentation
lint <input>        Lint SQL for style violations and anti-patterns
explain <input>     Record query explanation or execution plan notes
convert <input>     Convert SQL between dialects (MySQL ↔ PostgreSQL, etc.)
template <input>    Store or retrieve reusable SQL templates
diff <input>        Record differences between SQL versions
preview <input>     Preview a formatting transformation before applying
fix <input>         Log an applied fix to a SQL issue
report <input>      Record a formatting or lint report
report <input>Record a formatting or lint report

Utility Commands

Command             Description
stats               Show summary statistics across all log files (entry counts, disk usage)
export <fmt>        Export all data in a given format: json, csv, or txt
search <term>       Search across all log files for a keyword (case-insensitive)
recent              Display the last 20 lines from the activity history log
status              Health check — version, data dir, entry count, disk usage
help                Show the full command reference
version             Print current version (v2.0.0)

Note: Each core command works in two modes — call with no arguments to view recent entries (last 20), or pass input to record a new timestamped entry.

Data Storage

All data is stored locally in plain-text log files:

~/.local/share/sqlformat/
├── check.log          # Style check records
├── validate.log       # Syntax validation results
├── generate.log       # Generated SQL snippets
├── format.log         # Formatted query records
├── lint.log           # Lint findings
├── explain.log        # Execution plan notes
├── convert.log        # Dialect conversion records
├── template.log       # Reusable SQL templates
├── diff.log           # SQL version diffs
├── preview.log        # Preview entries
├── fix.log            # Applied fix records
├── report.log         # Lint/format reports
└── history.log        # Unified activity log (all commands)

Each entry is stored as YYYY-MM-DD HH:MM|<input> (pipe-delimited). The history.log file receives a line for every command executed, providing a single timeline of all activity.
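
An added example (not part of the skill or its script): a shell audit for the data directory and entry format described above. It checks that the directory is owner-only and lists, by file and line number, entries whose <input> field looks like it carries a credential; the function names and the SECRET_RE patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a sqlformat data directory (not the skill's own code).
# Entry format, from the README: YYYY-MM-DD HH:MM|<input>

# Illustrative, non-exhaustive patterns for secret-looking input (assumption):
# key=value style secrets, "IDENTIFIED BY", and user:pass@ in a URL.
SECRET_RE='(password|passwd|pwd|secret|token|api[_-]?key)[[:space:]]*[=:]'
SECRET_RE="$SECRET_RE|identified[[:space:]]+by"
SECRET_RE="$SECRET_RE|[a-z][a-z0-9+]*://[^/[:space:]:@]+:[^@[:space:]]+@"

# dir_is_private DIR: succeeds only if group and other have no access bits.
dir_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# flagged_entries DIR: print "<file>:<line>" for each suspicious entry.
# Only the location is printed, so the audit output never repeats the secret.
flagged_entries() {
  for f in "$1"/*.log; do
    [ -f "$f" ] || continue
    cut -d'|' -f2- "$f" | { grep -Ein "$SECRET_RE" || true; } | cut -d: -f1 |
      while read -r ln; do echo "$(basename "$f"):$ln"; done
  done
}

# harden_dir DIR: owner-only directory (chmod 700, as the scan suggests)
# and owner-only log files.
harden_dir() {
  chmod 700 "$1" && find "$1" -type f -name '*.log' -exec chmod 600 {} +
}

# Run against the real data directory only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
  dir=${SQLFORMAT_DIR:-$HOME/.local/share/sqlformat}
  dir_is_private "$dir" || echo "WARN: $dir is readable by group/other"
  flagged_entries "$dir"
fi
```

Because history.log receives a line for every command, a flagged entry normally appears twice: once in the command's own log and once in history.log.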

Requirements

  • Bash 4.0+ (uses set -euo pipefail)
  • Standard Unix utilities: date, wc, du, tail, grep, sed, cat, basename
  • No external dependencies — pure bash, works on any Linux or macOS system

When to Use

  1. Code review prep — use format and lint to clean up SQL before submitting a pull request
  2. SQL style enforcement — use check and lint to document style violations across a codebase
  3. Dialect migration — use convert when porting queries from MySQL to PostgreSQL (or vice versa)
  4. Query documentation — use explain and template to catalog common query patterns with notes
  5. Batch formatting workflows — use generate and preview to build formatted SQL output pipelines

Examples

# Format a messy query
sqlformat format "SELECT u.id,u.name,o.total FROM users u JOIN orders o ON u.id=o.user_id WHERE o.status='active'"

# Lint SQL for anti-patterns
sqlformat lint "SELECT * FROM users WHERE 1=1"

# Validate SQL syntax
sqlformat validate "INSERT INTO products (name, price) VALUES ('Widget', 9.99)"

# Convert MySQL to PostgreSQL syntax
sqlformat convert "MySQL: AUTO_INCREMENT -> PostgreSQL: SERIAL"

# Store a reusable template
sqlformat template "pagination: SELECT * FROM {table} LIMIT {limit} OFFSET {offset}"

# Export all records to CSV
sqlformat export csv

# Search for entries about JOIN formatting
sqlformat search JOIN

# View statistics
sqlformat stats

Configuration

Set the SQLFORMAT_DIR environment variable to change the data directory:

export SQLFORMAT_DIR="/custom/path/to/data"

Default: ~/.local/share/sqlformat/


Powered by BytesAgain | bytesagain.com | hello@bytesagain.com
