ClawHub

sql-server-toolkit

v1.0.1

Command-line tools for SQL Server schema creation, migrations, index management, performance diagnostics, backups, restores, and bulk data import/export.

0· 920·4 current·4 all-time
byRamesh Babu Vavilla@sqlservr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name, README, SKILL.md, and included SQL scripts are coherent with a SQL Server toolkit. However, the registry metadata lists no required binaries or env vars while the documentation explicitly expects sqlcmd and bcp; that's an omission that doesn't align with the stated purpose.
Instruction Scope
The SKILL.md instructs only local SQL Server interactions (sqlcmd, backup to local disk, running provided scripts). It does not instruct reading unrelated system files or posting data to external endpoints. Instructions are concrete and limited to DB management tasks.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code; nothing will be written to disk by an installer. Files in the package are static SQL and docs.
!
Credentials
No environment variables or credentials are declared, yet SKILL.md shows example commands that use authentication (e.g., -U sa -P YourPassword) and recommends sqlcmd and bcp. That omission is disproportionate: the skill expects credentials and specific tools but doesn't declare them, and it demonstrates passing passwords on the command line (which exposes secrets to process listings).
Persistence & Privilege
The skill is not always-enabled, does not request system-wide changes, and has no install steps that modify other skills or global settings. It does not request elevated or persistent privileges itself.
What to consider before installing
This package appears to be a straightforward SQL Server CLI toolkit (migration scripts, backup/diagnostic examples) and the SQL files provided look benign. However, before installing or running anything: 1) note that the skill's metadata does not declare that sqlcmd and bcp are required even though the docs require them — ensure those tools are installed from trusted sources; 2) do not run the example commands against production databases — test in an isolated environment first; 3) avoid using the 'sa' account or putting passwords on the command line (use Windows Authentication or secure credential mechanisms) because command-line passwords can be exposed to other system users and logs; 4) verify and, if needed, change the backup path (C:\backup) to a secure location with appropriate permissions; 5) review each migration/SQL script before execution to ensure it performs only the operations you expect. The main issue is inconsistency around required tools and credential handling — fixing those (declare required binaries, recommend secure auth patterns) would reduce the security concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dv0dwnhxhcec9by4nyyacf981kw6b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments