SQL Optimization Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a SQL performance reference skill with database-changing examples that require care, but it contains no hidden code, install hooks, persistence, or exfiltration behavior.

Safe to install as a reference skill. Before running any suggested SQL on a real database, especially CREATE INDEX, batch UPDATE, COPY, partitioning, materialized view refreshes, VACUUM FULL, REINDEX, or planner SET commands, test in staging, check backups, review lock and storage impact, benchmark the change, and use maintenance windows or online/concurrent alternatives where supported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill includes destructive maintenance commands such as VACUUM FULL and REINDEX operations in a best-practices section without clearly warning that they can lock tables, consume significant resources, and cause downtime in production. In a performance-tuning skill, users may copy commands directly, so omission of operational safety guidance creates a real risk of accidental service disruption.

Missing User Warnings

Low
Confidence: 82%
Finding
The skill recommends session-level optimizer and planner settings like changing parallel worker counts and disabling nested loops, but does not warn that these changes can materially alter query plans, performance characteristics, and debugging outcomes. While not inherently malicious, presenting them as optimization techniques without guardrails can mislead users into applying unstable tuning changes in shared or production environments.

VirusTotal

66/66 vendors flagged this skill as clean.
