ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Aloudata CAN SKILLS - text-to-sql-query

v1.0.0

直接通过 Text-to-SQL 方式查询零售数据库。根据用户自然语言描述,生成 SQL 查询语句并执行。 本 Skill 不依赖语义层或指标平台,而是直接基于数据库 schema 生成 SQL。 触发场景:用户需要查询零售数据、生成 SQL 查询、分析销售/客户/商品数据时使用。

1· 155·0 current·0 all-time
by@jackyujun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Text-to-SQL for a retail DB) aligns with the runtime instructions (generate SQL and POST to a JDBC query gateway). However the registry metadata lists no required environment variables or primary credential while the SKILL.md explicitly requires an API key ($CAN_API_KEY). That mismatch is an incoherence between claimed requirements and actual instructions.
!
Instruction Scope
Instructions are explicit about building and sending SQL to https://gateway.can.aloudata.com/api/jdbc/query and enforce SELECT-only and a six-table whitelist — which is consistent with the stated purpose. However the examples recommend curl --noproxy '*' which bypasses system proxies/monitoring (a potential exfiltration/monitoring-evasion risk). The SKILL.md also differentiates 'strong' models that may 'decide implementation details', which can broaden what the skill does at runtime beyond the strict templates.
Install Mechanism
No install spec and no code files (instruction-only). That minimizes on-disk execution risk; nothing is downloaded or written by an installer.
!
Credentials
The skill requires an API key (CAN_API_KEY) to call the JDBC gateway but the registry metadata declares no required env vars or primary credential — a direct inconsistency. A single service API key is reasonable for this purpose, but it is sensitive because it allows querying database data; the SKILL.md does not enumerate the privilege scope of that key or who operates the gateway. The proxy-bypass recommendation increases risk that data could be exfiltrated outside corporate monitoring.
Persistence & Privilege
always is false and there is no install script or persistent component. The skill does not request permanent presence or attempt to modify other skills or agent-wide configuration.
What to consider before installing
This skill appears to implement a Text-to-SQL proxy to run SELECT queries against a retail database, but there are two issues you should resolve before trusting it: (1) SKILL.md requires an API key named CAN_API_KEY, yet the registry metadata lists no required credentials — ask the publisher to declare CAN_API_KEY (and the minimal scopes/permissions for that key) in the metadata; (2) the provided curl examples use --noproxy '*' which explicitly bypasses system proxies and monitoring — ask the author to remove that and use normal proxy behavior so your network monitoring and egress controls still apply. Additional precautions: only provide a least-privilege API key scoped to allowed tables/columns and environments (prefer non-production for initial testing), confirm who operates https://gateway.can.aloudata.com and their security/retention policies, require row/column-level restrictions if sensitive PII could be present, rotate keys if you test this skill, and prefer using an audited client (not ad-hoc curl) if you must allow the skill. If the publisher cannot confirm the above (credential scope and removal of proxy bypass), treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk975jpbm6ty096y1t3ycy4y8g983qryg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments