ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Bytehouse Slow Query

v1.0.0

ByteHouse慢查询分析和性能优化工具,用于识别和分析慢查询、查询性能优化建议、查看查询执行计划、分析查询历史趋势。当用户需要识别和分析ByteHouse数据库中的慢查询、查询性能优化建议、查看查询执行计划、分析查询历史趋势时,使用此Skill。

0· 53·0 current·0 all-time
by@volcengine-skills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and included script all focus on ByteHouse slow-query analysis and depend on an MCP Server client—this is coherent. However, the registry metadata declares no required binaries or env vars, while SKILL.md and the script both expect/use external tooling (uv / uvx) and ByteHouse credentials. The missing declaration of those runtime requirements is an inconsistency.
!
Instruction Scope
SKILL.md instructs users to set ByteHouse connection env vars and to run the script with 'uv', but the runtime script launches a separate MCP stdio client process and will forward all environment variables to that subprocess. The script also constructs SQL queries against system.query_log (expected for this tool), but it does not limit or sanitize which environment variables are exposed to the external mcp server process — this could leak unrelated secrets from the agent environment.
!
Install Mechanism
There is no install spec, but the script sets StdioServerParameters.command to '/root/.local/bin/uvx' and includes args that reference a git+https URL (github.com/volcengine/mcp-server@main#subdirectory=server/mcp_server_bytehouse). At runtime this will cause dynamic fetching/execution of code via a tooling executable (uvx). Fetching and executing remote code at runtime is higher risk even if the host is GitHub; additionally the SKILL.md claims 'uv' lives at /root/.local/bin/uv while the script uses /root/.local/bin/uvx — an inconsistency that should be clarified.
!
Credentials
SKILL.md asks only for ByteHouse-related env vars (BYTEHOUSE_HOST, BYTEHOUSE_PORT, BYTEHOUSE_USER, BYTEHOUSE_PASSWORD, BYTEHOUSE_SECURE, BYTEHOUSE_VERIFY), but the script copies os.environ.copy() and passes the entire environment into the external MCP process. The registry metadata declared no required env, so required credentials are not surfaced in metadata. Passing the entire agent environment can expose unrelated secrets to the spawned process and any remote code it downloads/executes.
Persistence & Privilege
The skill is user-invocable and not marked always:true, and there is no evidence it modifies other skills or global config. However, its runtime behavior (launching a subprocess that may fetch and run remote code, and forwarding the entire environment) increases blast radius while running — run-time privileges are higher than what the metadata indicates.
What to consider before installing
Before installing or running this skill: - Verify prerequisites and binaries: confirm whether the agent environment actually has 'uv' or 'uvx' at the paths referenced. The SKILL.md and script disagree (uv vs uvx); ask the author which is required. - Inspect the bytehouse-mcp dependency: the script will ask a subprocess to fetch and run code from github.com/volcengine/mcp-server at runtime. Review that repository/subdirectory yourself and prefer a pinned, reviewed release rather than on-the-fly git+https installs. - Limit environment exposure: the script forwards os.environ.copy() to the MCP subprocess. Do not run this in an environment containing unrelated secrets (cloud keys, tokens). Ideally modify the script to pass only the explicit ByteHouse variables it needs. - Treat as untrusted until verified: run the tool in an isolated environment (ephemeral VM or container) with only the minimal ByteHouse credentials and no other sensitive env vars. - Ask the publisher to: (1) declare required binaries and env vars in metadata, (2) remove or restrict passing the full environment, (3) avoid dynamic remote code execution or use a pinned release/tarball from a known release tag. - If you cannot verify these points, do not run this skill against production systems or environments containing sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ddhj15wempv2dfwwyjg4pjn83nawx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments