SnowflakeDataEngineer
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Snowflake query purpose, but it can access Snowflake data through undeclared environment-based credentials and exposes a no-auth local SQL execution endpoint with only basic safeguards.
Review before installing. Only run this with a dedicated least-privilege Snowflake role, restrict it to approved databases/schemas/tables, pin dependencies, and avoid leaving the local no-auth endpoint running where other local tools or agents can call it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with a broad Snowflake role, the agent could read any data that role can access.
The code uses Snowflake account identity and role settings from the environment, while the registry metadata declares no required environment variables or primary credential. The effective data access depends entirely on how powerful that configured Snowflake role is.
SNOWFLAKE_USER = os.getenv("SNOWFLAKE_USER") ... SNOWFLAKE_DATABASE = os.getenv("SNOWFLAKE_DATABASE") ... SNOWFLAKE_ROLE = os.getenv("SNOWFLAKE_ROLE")
Declare the Snowflake configuration and credential requirements, require a least-privileged read-only role, and document the exact databases, schemas, and tables the role may access.
A model or local caller could issue broad SELECT queries and retrieve large or sensitive Snowflake result sets within the configured role's permissions.
Caller-provided SQL is passed through validation and then executed. This is central to the skill, but the artifacts do not show table allowlists, explicit user approval for broad reads, or containment beyond simple keyword checks and a default LIMIT.
validated_sql = validate_query(request.sql)
result = execute_query(validated_sql)
Add allowlisted schemas/tables, require user confirmation for broad or sensitive queries, and use stronger SQL parsing and policy enforcement rather than only keyword filtering.
Users may overtrust the claimed read-only posture if they configure a role with broader privileges or if the database role is not independently restricted.
The documentation makes strong security assurances. The timeout is implemented, and DDL/DML are blocked by validation, but the artifacts do not create or enforce a read-only Snowflake role; they rely on whatever SNOWFLAKE_ROLE is configured in the environment.
- Read-only Snowflake role
- No DDL/DML permissions
- Statement timeout enforced
Clarify that read-only enforcement depends on Snowflake role configuration, include least-privilege setup instructions, and fail closed if the configured role is missing or not approved.
Dependency changes could affect reliability or security over time.
The Python dependencies are purpose-aligned but unpinned, so future installs could resolve different package versions.
fastapi
uvicorn
snowflake-connector-python
python-dotenv
pydantic
Pin dependency versions and use a lockfile or other reproducible install process.
