ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SQL Database Toolkit

v1.0.0

All-in-one SQL data analysis toolkit supporting database/file connection, SQL query, visualization, AI insights, and report/dashboard generation with templates.

0· 17·0 current·0 all-time
by@sqlskills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with the provided modules (database_connector, charts, report_generator, ai_insights, unified_pipeline). The included Python scripts and many templates are coherent with an end-to-end SQL analysis toolkit. However, the skill declares no required environment variables or primary credential even though the SKILL.md and code demonstrate connecting to external databases (MySQL/Postgres/SQLite/etc.), which normally requires credentials; this omission is an inconsistency the publisher should justify.
Instruction Scope
SKILL.md instructions are focused on database connection, SQL, visualization and report generation and reference pip installing requirements.txt and use of local files and DB credentials. It also references user config patterns (e.g. ~/.my.cnf) and external CDNs for interactive charts. Those instructions stay within the stated domain, but they implicitly ask the agent/user to supply or read database credentials and local files — behavior that should be made explicit and limited to what is necessary.
!
Install Mechanism
Registry metadata says 'No install spec — instruction-only skill' while the package contains a substantial Python codebase (15+ scripts, requirements.txt, install_deps.sh, many templates). SKILL.md tells users to run 'pip install -r requirements.txt', but the platform has no declared install step. The mismatch (bundled code + no formal install spec) increases risk because code is present and could be executed but the skill does not declare how it will be installed or what will be run automatically. The presence of an install_deps.sh and many third-party dependencies means the user should review that script and requirements.txt before running installs.
!
Credentials
The skill requests no environment variables in its metadata, yet its functionality obviously requires database credentials (examples accept username/password) and may read local credential files (SKILL.md and references mention ~/.my.cnf). The absence of declared primaryEnv or required.env is an omission that reduces transparency: users should expect to supply DB credentials and should be warned that the code may access local files and the network (CDNs for Plotly/Chart.js).
Persistence & Privilege
always:false and user-invocable:true (defaults) — no elevated persistence is requested. The skill does not declare modifying other skills or system-wide agent settings. Autonomous invocation is allowed by default on the platform but is not an additional red flag here by itself.
What to consider before installing
What to consider before installing/using this skill: - Code vs metadata mismatch: the package includes many Python scripts and an install_deps.sh but the registry declares no install spec. Do not blindly run install_deps.sh or pip install -r requirements.txt; inspect those files first. - Credentials: this toolkit needs DB credentials to function. Do not provide production credentials. Prefer creating a dedicated, least-privilege, readonly database user or use local/test databases first. The SKILL.md references ~/.my.cnf — check any code that reads local config files before use. - Network access: interactive charts use CDNs (e.g., jsdelivr) and the code may perform network I/O; review code for external endpoints (search for 'requests', 'urllib', 'socket', 'http', 'https', or hardcoded URLs) before running. - Run in isolation: if you want to evaluate, run the code in a disposable environment (Python venv or container) and monitor outbound network traffic. Review requirements.txt and dependency versions for supply-chain risk. - Ask the publisher for clarifications: request a homepage or repository link, an explicit install spec, and explicit declarations of required environment variables (e.g., DB credentials) and any network endpoints the skill contacts. Also ask them to explain why metadata lists version 1.0.0 while SKILL.md says v2.0.0. - If you lack the ability to audit code, avoid running it with sensitive credentials. Use sample data or a sandboxed DB and inspect outputs/logs first. If the publisher provides a public repository and an explicit install/permission manifest, and you verify there are no unexpected network calls or credential exfiltration, the inconsistencies will be less concerning. Until then, treat the skill with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk970yj4gq724nqdrd59dh728nh847rcg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

SQL Database Toolkit

全链路 SQL 数据分析工具包:数据连接 → SQL 查询 → 数据可视化 → AI 洞察 → 报告生成

概述

SQL Database Toolkit 是 sql-master、sql-dataviz、sql-report-generator 三大 Skill 的统一整合版本,提供端到端的 SQL 数据分析能力。

核心能力:

  • 数据连接层:支持 SQLite/MySQL/PostgreSQL/SQL Server/ClickHouse 等多种数据库,以及 CSV/Excel/JSON/Parquet 等本地文件格式
  • SQL 查询执行:自然语言转 SQL、SQL 执行与优化、查询结果分析
  • 数据可视化:24+ 种静态图表(PNG base64)+ 12 种交互式图表(HTML),支持 Power BI 风格配色
  • AI 洞察:基于统计的自动异常检测、趋势分析、相关性分析、TOP N 排名等
  • 报告生成:完整 HTML 报告、KPI 仪表盘、行业模板库(90+ 模板)

触发条件

当用户提及以下关键词时触发:

  • SQL 查询、执行、优化
  • 数据库连接(MySQL/PostgreSQL/SQLite 等)
  • 数据可视化、图表生成(折线图/柱状图/饼图/热力图等)
  • 报告生成、仪表盘、数据看板
  • 数据分析、洞察、异常检测
  • 文件数据处理(CSV/Excel 导入导出)

安装依赖

pip install -r requirements.txt

核心依赖:

  • pandas, numpy - 数据处理
  • sqlalchemy, pymysql, psycopg2-binary - 数据库连接
  • matplotlib, seaborn, plotly - 可视化
  • scipy - 统计分析
  • jinja2 - 模板引擎

快速开始

1. 一键端到端分析

from unified_pipeline import analyze_file

# 文件 → SQL → 图表 → 洞察 → 报告
result = analyze_file(
    "sales.csv",
    sql="SELECT region, SUM(sales) as total FROM data GROUP BY region",
    charts=[{"type":"bar","x":"region","y":"total","title":"区域销售"}],
    output="report.html"
)
print(result.log())

2. 数据库查询

from database_connector import DatabaseConnector

# 连接 MySQL
conn = DatabaseConnector(
    dialect="mysql+pymysql",
    host="localhost", port=3306,
    username="root", password="xxx",
    database="sales_db"
)
result = conn.execute("SELECT * FROM orders WHERE amount > 1000")
print(result.df)

3. 生成交互式图表

from interactive_charts import InteractiveChartFactory

factory = InteractiveChartFactory(theme="powerbi")
html = factory.create_line({
    "categories": ["1月","2月","3月"],
    "series": [{"name":"销售额","data":[100,120,150]}]
})
factory.save_html(html, "chart.html")

4. AI 自动洞察

from ai_insights import quick_insights

report = quick_insights(df, date_col="date", value_cols=["sales","profit"])
for insight in report.insights:
    print(f"{insight.title}: {insight.description}")

模块索引

数据连接层

模块功能
database_connector.py数据库连接(支持 6+ 种数据库)
file_connector.py本地文件加载(CSV/Excel/JSON/Parquet 等)
pipeline.pySQL Pipeline 编排器

可视化层

模块功能
charts.py静态图表工厂(24+ 种图表,PNG base64)
interactive_charts.py交互式图表工厂(12 种图表,HTML)+ DashboardBuilder

报告层

模块功能
ai_insights.pyAI 自动洞察生成器
dashboard_templates.py行业看板模板库(90+ 模板)
report_generator.py报告生成器(表格/矩阵/切片器)

统一入口

模块功能
unified_pipeline.py端到端统一 Pipeline(推荐)
__init__.py统一导出所有核心类

使用示例

示例 1:完整分析流程

from unified_pipeline import UnifiedPipeline

# 创建 Pipeline
p = UnifiedPipeline("销售分析").set_theme("powerbi")

# 加载数据
p.from_file("sales.csv")

# SQL 查询
p.query("SELECT region, SUM(amount) as total FROM data GROUP BY region")

# 生成交互式图表
p.interactive_chart("bar", x_col="region", y_col="total", title="区域销售")
p.interactive_chart("pie", x_col="region", y_col="total", title="区域占比")

# AI 洞察
p.insights(value_cols=["total"])

# 生成完整报告
p.report(title="销售分析报告", output="report.html")

# 打印日志
print(p.log())

示例 2:数据库 → 可视化

from database_connector import DatabaseConnector
from interactive_charts import InteractiveChartFactory

# 查询数据
conn = DatabaseConnector(dialect="sqlite", database="sales.db")
df = conn.execute("SELECT month, sales FROM monthly_sales").df

# 生成图表
factory = InteractiveChartFactory()
html = factory.create_line({
    "categories": df["month"].tolist(),
    "series": [{"name": "销售额", "data": df["sales"].tolist()}]
}, title="月度销售趋势")
factory.save_html(html, "trend.html")

示例 3:构建 Dashboard

from interactive_charts import DashboardBuilder, InteractiveChartFactory

builder = DashboardBuilder(title="销售看板", theme="powerbi")

# KPI 卡片
builder.add_kpi_cards([
    {"title": "GMV", "value": "¥1,234万", "change": "+18%"},
    {"title": "订单量", "value": "45,678", "change": "+12%"},
])

# 添加图表
factory = InteractiveChartFactory()
line_html = factory.create_line({...})
builder.add_chart(line_html, title="趋势", cols=2)

# 生成
builder.build("dashboard.html")

示例 4:使用行业模板

from dashboard_templates import get_template

# 获取电商概览模板
template = get_template("ecommerce_overview")

# 根据模板配置生成图表
# template.charts 包含所有图表规格

配置与主题

配色主题

from charts import Theme

# 支持的主题:POWERBI, ALIBABA, TENCENT, BYTEDANCE, NEUTRAL
factory = ChartFactory()
factory.set_theme("powerbi")

图表类型

静态图表(charts.py):

  • 对比分析:clustered_column, stacked_column, bar, line, area, waterfall
  • 占比分析:pie, donut, treemap, funnel
  • 分布分析:scatter, bubble, box_plot, histogram
  • 指标监控:card, kpi, gauge, target
  • 高级图表:heatmap, gantt, candlestick, sankey, word_cloud

交互式图表(interactive_charts.py):

  • line, bar, pie, scatter, heatmap, funnel, area, treemap, gauge, combo, table, kpi_cards

配置文件

  • requirements.txt - Python 依赖
  • references/ - 参考文档(SQL 优化、图表选择、模板使用等)
  • templates/ - 行业报告模板(90+ 个)

注意事项

  1. 中文字体:Windows 环境自动使用 Microsoft YaHei,其他系统需确保已安装中文字体
  2. 数据库驱动:首次使用 MySQL/PostgreSQL 等需要安装对应驱动(pymysql/psycopg2)
  3. Plotly CDN:交互式图表默认使用 CDN,如需离线使用可替换为本地路径

版本

v2.0.0 - 合并版(基于 sql-master + sql-dataviz + sql-report-generator)

Files

79 total
Select a file
Select a file to preview.

Comments

Loading comments…