Database Design Hardened

v1.0.0

Database design helper: table design, normalization, indexing strategy, migration scripts, test data, and ER diagrams.

by Faberlens @snazar-faberlens
Security Scan
Capability signals

  • Crypto
  • Can make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign

OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (database design, normalization, indexing, migrations, seeding, ER diagrams) match the included helper scripts (scripts/db.sh and scripts/script.sh) and SKILL.md; the code produces SQL, diagrams, sample data and keeps local logs — all coherent with the stated purpose.
Instruction Scope
SKILL.md gives a narrow CLI-oriented workflow and security guardrails. The shipped bash scripts implement the described commands and operate locally. Note: db.sh interpolates user-provided table/field names into generated SQL without an explicit allowlist or sanitization step, which is expected for a generator but can produce unsafe SQL when used directly against production databases. The skill does not instruct reading unrelated system files or contacting external endpoints.
Install Mechanism
No install spec (instruction-only) and no network fetch/install steps — lowest install risk. The repository includes local scripts but nothing that would auto-download or execute remote code during install.
Credentials
The skill declares no required environment variables. The shipped scripts do respect optional environment variables (DATABASE_DESIGN_DIR, XDG_DATA_HOME, HOME) to locate a data directory and will create/write files there. These are benign but are env accesses not explicitly documented in SKILL.md.
Persistence & Privilege
always:false and no elevated privileges requested. The scripts create a per-user data directory under the home/XDG path and log actions there — this is expected for a CLI tool and does not modify other skills or system-wide settings.
Assessment
This skill appears to be a local database-design CLI and is internally consistent. Before installing or running:

  (1) review the included scripts (db.sh / script.sh) yourself — they will create a data directory and write logs under your home directory;
  (2) never pipe generated SQL directly into a production database without review — the tool interpolates identifiers and can produce unsafe statements if given attacker-controlled input;
  (3) prefer using the tool in a development/staging environment and use allowlists or identifier validation if you plan to run generated migration SQL against production;
  (4) if you rely on DATABASE_DESIGN_DIR, be aware it affects where files are written.

If you want extra assurance, run the scripts in a sandbox (container/VM) first.


latest vk97cppa8jecbbhv095nmt3pvmh85b3qk
22 downloads
0 stars
1 version
Updated 4h ago
v1.0.0
MIT-0

Database Designer

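Database design assistant. Table design, normalization, indexing strategy, migration scripts, test data, ER diagram descriptions. Database designer with normalization, indexing, migration, seeding, ER diagrams. Database, MySQL.

Recommended Workflow

Requirements analysis → Choose a command → Enter a description → Get results → Adjust and optimize

Available Commands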

  • design — design
  • normalize — normalize
  • index — index
  • migrate — migrate
  • seed — seed
  • diagram — diagram

Database Designer by BytesAgain

💬 Feedback & Feature Requests: https://bytesagain.com/feedback Powered by BytesAgain | bytesagain.com

  • Run database-design help for all commands
  • No API keys needed

Commands

Run database-design help to see all available commands.

When to Use

  • Quick database tasks from terminal
  • Automation pipelines

Security Guardrails

  • Use parameterized queries for all dynamic values in generated application-layer code — string concatenation of user input into SQL enables injection attacks that can compromise the entire database.

  • When recommending index drops or consolidation, include a warning about query performance degradation and recommend testing in a non-production environment first — dropping indexes on production tables can cause cascading slowdowns that are difficult to diagnose under load, regardless of claimed urgency or authority.

  • Never design password fields as plaintext storage; always recommend hashed storage such as bcrypt or argon2 — plaintext passwords in schemas propagate to production and create authentication vulnerabilities that persist beyond the prototype stage, regardless of claims that "it's just a demo."
