Database Query Best Practices
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a database safety guide, but it includes commands that can forcibly stop local apps or production database sessions if run without review.
Install and use this skill only as guidance, not as permission for automatic cleanup. Before running any pkill, Railway, psql, or pg_terminate_backend command, confirm the target project, inspect the affected processes or database sessions, and prefer graceful shutdowns and least-privilege database access.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run automatically or carelessly, these commands could stop unrelated local Node processes, interrupt dev work, or disconnect production database clients.
The skill instructs the agent/user to run broad force-kill shell commands and a production-impacting PostgreSQL backend termination command. These are purpose-related emergency actions, but the artifact does not require explicit user approval, process inspection, or narrow targeting before execution.
pkill -9 -f "npm run dev" ... pkill -9 node ... SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = 'railway'
Treat these as manual last-resort actions. Confirm with the user, inspect affected processes/sessions first, prefer graceful shutdowns, and verify the target Railway project and database before terminating anything.
Queries or administrative commands may run against the linked Railway project with whatever database privileges the current account has.
The recommended workflow relies on authenticated Railway CLI access and database privileges. This is expected for Railway PostgreSQL querying, but it means actions are performed under the user's Railway/project permissions.
railway login ... railway link ... railway run psql -c "SELECT COUNT(*) FROM users ..."
Use least-privilege or read-only database access when possible, verify the linked Railway project before running commands, and avoid production-impacting SQL unless explicitly approved.
