Hologres Bsi Profile Analysis
ReviewAudited by ClawScan on May 14, 2026.
Overview
This appears to be a legitimate Hologres BSI analysis guide, but it uses an external CLI and database write commands, so users should verify the target database, permissions, and data sensitivity before use.
Before installing or using this skill, verify the hologres-cli package source, connect only to the intended Hologres instance, review every '--write' SQL command, and ensure the generated UID dictionary, bitmap, and BSI tables are protected according to your privacy and data-governance requirements.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the wrong or compromised CLI package could affect the local environment or database workflows.
The skill requires installing an external Python CLI package, but no version is pinned. This is purpose-aligned for Hologres access, yet users should verify package provenance.
pip install hologres-cli
Install hologres-cli from a trusted source, consider pinning a known-good version, and review the package before using it with production credentials.
If run against the wrong database or schema, the commands could create extensions, create tables, or insert derived data in unintended places.
The skill documents raw SQL execution through a CLI, including write-enabled execution. This is expected for table setup and data import, but it can change a Hologres database.
All SQL execution depends on `hologres-cli` commands (`hologres sql run --write`).
Confirm the target Hologres instance, database, schema, and SQL text before allowing any '--write' command to run.
A highly privileged database account could make broader changes than intended if commands are misapplied.
The workflow requires a Hologres account with DDL/DML write privileges. That is appropriate for the stated setup tasks, but it is high-impact authority.
需要 DDL 写权限:`hologres sql run --write "CREATE EXTENSION ..."`
Use least-privilege database credentials where possible and avoid running setup commands with broader production admin rights unless necessary.
Derived bitmap/BSI tables may expose audience segments, identifiers, demographics, or GMV behavior if database access is too broad.
The skill creates persistent derived profile indexes from UID, attribute, and behavior tables. This is the intended function, but those indexes can represent sensitive user or business data.
Build `rb_tag` from `dws_userbase` + `dws_uid_dict` using `rb_build_agg()`. Build `bsi_gmv` from `usershop_behavior` + `dws_uid_dict` using `bsi_build()`.
Apply appropriate access controls, retention policies, and privacy review to the source tables and generated profile-index tables.