Instant DB
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes the wrong command or receives bad instructions, it could modify or delete real InstantDB application data.
The CLI exposes destructive delete operations and raw transaction execution against caller-supplied data. The artifacts show no confirmation step, namespace scoping, input validation, or rollback control around either path: the transact payload is whatever JSON.parse returns for a CLI argument, passed straight to the client.
Evidence:
case 'delete': { ... await client.deleteEntity(entityId, namespace); ... }
...
case 'transact': { const txs = JSON.parse(args[1]); const result = await client.transact(txs); }
Recommendation: Use this skill only with explicit user approval for update/delete/transact operations, restrict it to the intended apps and namespaces, and add confirmations or dry-run checks for destructive and bulk actions.
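The recommendation above asks for approval, scoping, and dry-run controls in front of the destructive commands. The following is an added example of such a guard layer and is not code from the Instant DB skill or from InstantDB: it sits between the CLI's switch statement and the admin client, checks an app and namespace allowlist, requires an explicit approval flag for destructive operations, caps bulk transactions, and supports a dry run. The policy object, the transact step shape [namespace, id, action, data], the command flags, and the app ids are assumptions made for this illustration.

```javascript
// Added example, not code from the Instant DB skill: a guard layer placed in
// front of the InstantDB admin client so that delete/transact cannot run on
// caller-supplied input without an app/namespace allowlist, explicit user
// approval, a bulk ceiling, and a dry-run mode. The policy shape, the
// transact step shape [namespace, id, action, data], and the ids below are
// assumptions made for this illustration.

const DESTRUCTIVE_OPS = new Set(["update", "delete", "transact"]);

// Constructed policy an operator would ship alongside the skill.
const EXAMPLE_POLICY = {
  allowedAppIds: new Set(["dev-app-1234"]),       // never the production app
  allowedNamespaces: new Set(["todos", "notes"]),
  maxTransactSteps: 20,                            // ceiling for bulk actions
};

// The original CLI does `JSON.parse(args[1])` and hands the result straight
// to client.transact(). This parses the same argument but rejects anything
// that is not a bounded array of steps, each naming an allowed namespace.
function validateTransactPayload(raw, policy) {
  let steps;
  try {
    steps = JSON.parse(raw);
  } catch (err) {
    return { ok: false, reason: "payload is not valid JSON" };
  }
  if (!Array.isArray(steps) || steps.length === 0) {
    return { ok: false, reason: "payload must be a non-empty array of steps" };
  }
  if (steps.length > policy.maxTransactSteps) {
    return { ok: false, reason: `too many steps: ${steps.length} > ${policy.maxTransactSteps}` };
  }
  for (const [i, step] of steps.entries()) {
    if (!Array.isArray(step) || typeof step[0] !== "string") {
      return { ok: false, reason: `step ${i} does not name a namespace` };
    }
    if (!policy.allowedNamespaces.has(step[0])) {
      return { ok: false, reason: `step ${i} targets namespace "${step[0]}" outside the allowlist` };
    }
  }
  return { ok: true, steps };
}

// Decide whether one operation may run. `approved` records that the user
// explicitly confirmed this call; `dryRun` reports instead of executing.
function authorizeOperation({ op, appId, namespace, approved = false, dryRun = false }, policy) {
  if (!policy.allowedAppIds.has(appId)) {
    return { allow: false, reason: `app "${appId}" is not in the allowlist` };
  }
  if (namespace !== undefined && !policy.allowedNamespaces.has(namespace)) {
    return { allow: false, reason: `namespace "${namespace}" is not in the allowlist` };
  }
  if (!DESTRUCTIVE_OPS.has(op)) return { allow: true, dryRun: false }; // reads need no approval
  if (dryRun) return { allow: true, dryRun: true };
  if (!approved) {
    return { allow: false, reason: `"${op}" is destructive and needs explicit user approval` };
  }
  return { allow: true, dryRun: false };
}

// Dispatcher in the shape of the CLI's switch statement, with the guard
// applied before any client call. `client` is anything exposing
// deleteEntity(id, namespace) and transact(steps).
async function runGuarded(client, appId, argv, policy, flags = {}) {
  const [op, arg1, arg2] = argv;
  switch (op) {
    case "delete": {
      if (!arg1 || !arg2) return { executed: false, reason: "delete requires <entityId> <namespace>" };
      const decision = authorizeOperation({ op, appId, namespace: arg2, ...flags }, policy);
      if (!decision.allow) return { executed: false, reason: decision.reason };
      if (decision.dryRun) return { executed: false, wouldDelete: { entityId: arg1, namespace: arg2 } };
      await client.deleteEntity(arg1, arg2);
      return { executed: true };
    }
    case "transact": {
      const parsed = validateTransactPayload(arg1, policy);
      if (!parsed.ok) return { executed: false, reason: parsed.reason };
      const decision = authorizeOperation({ op, appId, ...flags }, policy);
      if (!decision.allow) return { executed: false, reason: decision.reason };
      if (decision.dryRun) return { executed: false, wouldTransact: parsed.steps.length };
      await client.transact(parsed.steps);
      return { executed: true };
    }
    default:
      return { executed: false, reason: `unknown command "${op}"` };
  }
}

// Recording stub standing in for the real admin client in this example.
function makeRecordingClient() {
  const calls = [];
  return {
    calls,
    async deleteEntity(id, ns) { calls.push(["deleteEntity", id, ns]); },
    async transact(steps) { calls.push(["transact", steps.length]); },
  };
}
```

The guard is deliberately ordered: app and namespace scoping is checked before anything else, so a payload aimed at the wrong app never reaches the approval question, and a dry run can be exercised without approval because it performs no write. Validation of the transact payload happens before authorization so a malformed or oversized payload is rejected with a specific reason rather than being partially applied.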
Installing and configuring this skill may give OpenClaw full admin-level access to an InstantDB app, including reading and mutating data.
The runtime uses an InstantDB admin token to initialize the admin SDK, while the registry metadata says there is no primary credential and no required environment variables.
Evidence:
const adminToken = process.env.INSTANTDB_ADMIN_TOKEN; ... this.db = init({ appId, adminToken });
Recommendation: Declare the credential requirement in the metadata, prefer the least-privileged token available, use separate dev/test apps where possible, and do not provide a production admin token unless that level of access is intended.
Future installs may resolve different dependency versions than the reviewed package, which can change behavior or introduce dependency risk.
The setup relies on external npm packages with caret version ranges, and no lockfile or install spec is provided in the artifacts. A caret range admits any compatible release published later: "^8.18.0" resolves to the newest 8.x at or above 8.18.0, and "^0.14.0" to the newest 0.14.x, so two installs of the same manifest can pull different code.
Evidence:
"dependencies": { "@instantdb/admin": "^0.14.0", "ws": "^8.18.0" }
Recommendation: Pin dependency versions with a lockfile or exact versions, publish an install spec, and verify the package source before using it with admin credentials.
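The pinning recommendation is easy to check mechanically before a skill that will hold an admin token is installed. The following is an added example, not code from the Instant DB skill: it reads a package.json, reports every dependency whose spec is not an exact version, and refuses when no lockfile is present. The manifest text is constructed from the dependency block quoted above, and the file listing is an assumption standing in for the install directory.

```javascript
// Added example, not code from the Instant DB skill: a preflight check that
// refuses to proceed when the dependency manifest uses version ranges or no
// lockfile is present. The manifest text below is constructed from the
// dependency block in the advisory; `filesPresent` is an assumed listing.

// An exact npm version: MAJOR.MINOR.PATCH with optional prerelease/build.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const LOCKFILES = ["package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "pnpm-lock.yaml"];

// Classify one dependency spec. Anything that is not an exact version
// floats: caret/tilde ranges and dist-tags like "latest" resolve at install
// time, and git/url/file specs bypass the registry altogether.
function classifySpec(spec) {
  if (typeof spec !== "string" || spec.trim() === "") return "invalid";
  if (EXACT_VERSION.test(spec)) return "exact";
  if (/^(git\+|github:|https?:|file:)/.test(spec)) return "nonregistry";
  return "floating";
}

// Audit all dependency fields of a manifest and look for a lockfile in the
// directory listing. `ok` is true only when every spec is exact and a
// lockfile exists.
function auditDependencyPins(packageJsonText, filesPresent) {
  const manifest = JSON.parse(packageJsonText);
  const unpinned = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[field] ?? {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") unpinned.push({ name, spec, kind, field });
    }
  }
  const lockfile = LOCKFILES.find((f) => filesPresent.includes(f)) ?? null;
  return { unpinned, lockfile, ok: unpinned.length === 0 && lockfile !== null };
}

// Constructed input: the dependency block from the reviewed package, with
// no lockfile in the artifact listing.
const REVIEWED_MANIFEST = JSON.stringify({
  name: "instantdb-skill",
  dependencies: { "@instantdb/admin": "^0.14.0", ws: "^8.18.0" },
});
const REVIEWED_FILES = ["package.json", "SKILL.md", "index.js"];

// The same manifest after pinning, with a lockfile committed beside it.
const PINNED_MANIFEST = JSON.stringify({
  name: "instantdb-skill",
  dependencies: { "@instantdb/admin": "0.14.0", ws: "8.18.0" },
});
const PINNED_FILES = [...REVIEWED_FILES, "package-lock.json"];

// Human-readable verdict for an install gate or CI step.
function summarize(result) {
  if (result.ok) return "ok: all dependencies pinned and lockfile present";
  const lines = result.unpinned.map((d) => `${d.field}: ${d.name}@${d.spec} (${d.kind})`);
  if (!result.lockfile) lines.push("no lockfile found");
  return "refuse install:\n  " + lines.join("\n  ");
}

console.log(summarize(auditDependencyPins(REVIEWED_MANIFEST, REVIEWED_FILES)));
console.log(summarize(auditDependencyPins(PINNED_MANIFEST, PINNED_FILES)));
```

Exact versions in package.json and a committed lockfile address different failure modes: the lockfile fixes the whole transitive tree for `npm ci`, while exact top-level pins stop a casual `npm install` from silently moving the direct dependencies. Verifying the package source, as the recommendation also asks, is a separate step this check does not perform.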
