Instant DB
Warn
Audited by ClawScan on May 10, 2026.
Overview
This looks like a real InstantDB admin integration, but it gives OpenClaw broad database admin powers, including deletes and raw transactions, without declared credential requirements or built-in safeguards.
Treat this as a powerful database-admin tool. Install it only if you want OpenClaw to read and change the selected InstantDB app, avoid production admin tokens unless necessary, require explicit confirmation before deletes or raw transactions, and pin/verify npm dependencies before use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes the wrong command or receives bad instructions, it could modify or delete real InstantDB application data.
The CLI exposes destructive delete operations and raw transaction execution against caller-supplied data without artifact-shown confirmation, namespace scoping, validation, or rollback controls.
case 'delete': { ... await client.deleteEntity(entityId, namespace); ... } ... case 'transact': { const txs = JSON.parse(args[1]); const result = await client.transact(txs); }
Use this only with explicit user approval for update/delete/transact operations, restrict it to intended apps and namespaces, and add confirmations or dry-run checks for destructive and bulk actions.
Installing and configuring this skill may give OpenClaw full admin-level access to an InstantDB app, including reading and mutating data.
The runtime uses an InstantDB admin token to initialize the admin SDK, while the registry metadata says there is no primary credential and no required environment variables.
const adminToken = process.env.INSTANTDB_ADMIN_TOKEN; ... this.db = init({ appId, adminToken });
Declare the credential requirement in metadata, prefer the least-privileged token available, use separate dev/test apps where possible, and do not provide a production admin token unless that level of access is intended.
Future installs may resolve different dependency versions than the reviewed package, which can change behavior or introduce dependency risk.
The setup relies on external npm packages with caret version ranges, and no lockfile or install spec is provided in the artifacts.
"dependencies": { "@instantdb/admin": "^0.14.0", "ws": "^8.18.0" }
Pin dependency versions with a lockfile or exact versions, publish an install spec, and verify the package source before using it with admin credentials.
