Skill v0.1.0
ClawScan security
Sql Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 8:35 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only SQL optimization specialist whose requirements and instructions are internally consistent with its stated purpose.
- Guidance: This skill is coherent and low-risk as delivered (instruction-only). Before using it with live systems: avoid pasting production credentials or large sensitive dumps into the agent; prefer read-only replicas or sanitized sample data and EXPLAIN/ANALYZE outputs; review any generated DDL/DML before running it (queries could modify data if you run them); and restrict any database credentials you do provide to least-privilege roles. If you need the agent to run queries against your DB, use a monitored, limited-permission account or an isolated test environment.
Review Dimensions
- Purpose & Capability: ok. Name/description (SQL optimization, schema design, EXPLAIN analysis) match the included guidance files and the SKILL.md role/instructions. There are no unrelated env vars, binaries, or config requests.
- Instruction Scope: ok. SKILL.md confines the agent to analyzing queries, execution plans, schema and indexing strategies using the bundled reference docs. It does not direct the agent to read system files, environment variables, or exfiltrate data to external endpoints. It assumes the user supplies schemas, EXPLAIN output, or sample data for analysis.
- Install Mechanism: ok. No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths. That is proportionate for a documentation/assistant skill focused on SQL guidance.
- Persistence & Privilege: ok. always is false and the skill is user-invocable; it does not request persistent system-level presence or modify other skills. Autonomous invocation is allowed by platform default but is not itself unusual.
