sql-server-toolkit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: sql-server-toolkit Version: 1.0.1 The skill bundle provides standard SQL Server management capabilities and examples, including schema creation, migrations, performance diagnostics, and database backup. All commands and SQL scripts are consistent with the stated purpose of a 'SQL Server Toolkit'. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The backup command writing to a specific disk path is a standard SQL Server operation and does not indicate malicious intent within the skill itself, but rather demonstrates a legitimate function.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken command could change schemas, run migrations on the wrong database, or overwrite an existing backup file.
The skill documents raw SQL Server command execution and a backup command that can overwrite backup media. This is expected for the toolkit, but it is high-impact if run against the wrong database or path.
sqlcmd -S localhost -d MyDatabase -i script.sql ... BACKUP DATABASE MyDatabase ... WITH FORMAT, INIT;
Review each SQL script, confirm the server/database/path, and require explicit user approval before migrations, restores, bulk imports/exports, or backup commands using FORMAT/INIT.
Using a broad admin account could let a mistaken or overbroad command affect more data than intended, and command-line passwords may be exposed in shell history or process listings.
The example shows SQL Server password authentication using the sa account placeholder. This is a common SQL Server example, but sa is typically a highly privileged login.
sqlcmd -S localhost -U sa -P YourPassword
Prefer Windows Authentication or a least-privileged SQL login, avoid putting real passwords directly on the command line, and limit permissions to the target database and task.
Performance output could reveal sensitive query details if copied into chat logs, tickets, or shared reports.
The diagnostics script retrieves cached SQL text from SQL Server. This is purpose-aligned for performance troubleshooting, but query text can contain sensitive table names, parameters, or literals.
qt.text FROM sys.dm_exec_query_stats qs CROSS APPLY sys.dm_exec_sql_text(qs.sql_handle) qt
Treat diagnostic output as sensitive, redact query text before sharing, and grant DMV access only to users who need it.
Users may install command-line tools outside the skill review path, so tool provenance and version safety are their responsibility.
The README requires external SQL Server tooling, while the registry metadata declares no required binaries and there is no install spec. This is not suspicious by itself, but users must source those dependencies separately.
## Requirements - sqlcmd - bcp - Microsoft SQL Server
Install sqlcmd and bcp from trusted Microsoft sources, verify versions, and consider updating metadata to declare these requirements.