ClawHub

surreal-sync

v1.2.1

Data migration and synchronization to SurrealDB from MongoDB, PostgreSQL, MySQL, Neo4j, Kafka, and JSONL. Full and incremental CDC sync. Part of the surreal-...

2· 593·0 current·0 all-time
byBasit Mustafa@24601
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SurrealDB sync from various sources) matches the SKILL.md content: CLI usage, supported sources, CDC modes, and examples are exactly what you'd expect for a migration/sync tool.
Instruction Scope
SKILL.md gives concrete CLI examples and connection-string usage only; it does not instruct the agent to read unrelated system files or secret stores. Note: examples show credentials passed as command-line flags (e.g., --surreal-password), which can expose secrets via process listings or logs — this is a usability/security note rather than a scope mismatch.
Install Mechanism
The skill has no install specification and no code files (instruction-only). It suggests installing a Rust binary via 'cargo install surreal-sync', which is a plausible and proportional install step for a Rust CLI; the skill itself will not download or write code to disk automatically.
Credentials
No required environment variables, no unrelated credentials, and CLI examples require only the typical connection strings/credentials for the source DB and SurrealDB destination — all proportional to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modification of other skills/configs. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears coherent and focused on data migration to SurrealDB. Before installing or running it: (1) verify the upstream repository (the SKILL.md references github.com/surrealdb/surreal-sync) and prefer official release binaries or pinned commits; (2) avoid putting passwords on the command line where possible — use config files, environment variables, or secret stores to prevent exposure in process lists and logs; (3) run initial syncs in a test environment with limited-permission accounts and review CDC setup steps (wal2json, triggers, Kafka consumer configs) to avoid accidental data or production-impacting operations; (4) because this is instruction-only, the skill will not automatically install code — you or your agent will run the cargo install; confirm you trust the upstream binary source before installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk970g2cfx3m02zrye1n3dxedpn82vyh5surrealdbvk970g2cfx3m02zrye1n3dxedpn82vyh5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments