Back to skill
Skillv1.0.0
ClawScan security
Sql Optimization Patterns · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 23, 2026, 6:14 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only SQL optimization guide whose content, requirements, and absence of installs/credentials are consistent with its stated purpose.
- Guidance
- This skill is essentially a documentation/guide for SQL optimization and appears internally consistent. Before using: (1) don't paste production DB credentials or connection strings into any chat unless you trust the agent and have vetted access controls; (2) run EXPLAIN/EXPLAIN ANALYZE and any suggested CREATE INDEX statements in a staging/replica environment first — EXPLAIN ANALYZE executes queries and can load production systems; (3) treat DDL (CREATE/ALTER INDEX) as changes that may need scheduling and careful rollback planning; (4) if you expect the agent to act autonomously, ensure policies prevent it from executing SQL directly against production without your approval. If you need higher assurance, ask the skill author for explicit safety notes about running statements on production and for example safeguards (transactions, timeouts, read-only replicas).
Review Dimensions
- Purpose & Capability
- okName/description match the SKILL.md content: EXPLAIN analysis, indexing strategies, pagination, N+1 fixes, and example SQL/Python snippets. The skill requests no unrelated binaries, credentials, or installs.
- Instruction Scope
- noteInstructions stay within database optimization topics and include SQL and small client-side examples. They recommend running EXPLAIN/EXPLAIN ANALYZE and CREATE INDEX statements (which are expected). The doc does not instruct accessing files, environment variables, or external endpoints. It also lacks explicit warnings about running heavy ANALYZE or DDL statements on production systems—users should take standard DB safety precautions.
- Install Mechanism
- okNo install spec and no code files — the skill is instruction-only, so nothing will be written to disk or fetched during install.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportional to a documentation/guide-style skill.
- Persistence & Privilege
- okalways:false and default model invocation are set. The skill does not request persistent presence or elevated platform privileges and does not modify other skills or system configs.