Hologres Cli

Review

Audited by ClawScan on May 14, 2026.

Overview

This appears to be a legitimate Hologres database CLI skill, but it should be reviewed before use because it installs external code of unclear provenance that will handle database/OSS credentials and can make destructive or persistent data changes.

Before installing, verify the hologres-cli package source and pin a reviewed version. Start with a least-privileged Hologres profile, keep config and history files protected, and require explicit confirmation before any write, drop, truncate, import-with-truncate, GUC set, or file upload operation.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may end up trusting unreviewed external code with production database and OSS credentials.

Why it was flagged

The skill delegates runtime behavior to an external package install rather than reviewed code in the artifact set; this matters because the documented CLI will handle database/OSS credentials and can mutate database state.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Verify the pip package publisher/source and review or pin the exact package version before using it with real credentials or production databases.

What this means

If invoked with write or confirm flags, the agent can modify, delete, or truncate database data.

Why it was flagged

The CLI supports raw SQL write operations that can change or delete database data, but the documentation describes explicit write flags and WHERE safeguards.

Skill content

Write operations
Requires `--write` flag.
... `UPDATE` (must have WHERE) ... `DELETE` (must have WHERE)

Recommendation

Use read-only queries by default, require explicit user approval for write/destructive commands, and prefer least-privileged database accounts.

What this means

The CLI can act with the privileges of the configured Hologres/OSS credentials.

Why it was flagged

The skill expects local profiles containing database and cloud access credentials, which is purpose-aligned for a database CLI but high-impact.

Skill content

Settable keys: `region_id`, `instance_id`, `nettype`, `auth_mode`, `access_key_id`, `access_key_secret`, `username`, `password`, `database`, ...

Recommendation

Use a dedicated low-privilege profile where possible, protect ~/.hologres/config.json, and avoid entering secrets in shared terminals or logs.

What this means

Sensitive query content may remain on disk after the task is complete.

Why it was flagged

The documented audit log persists SQL text locally; SQL statements may contain sensitive table names, filters, or literal values.

Skill content

All commands logged to `~/.hologres/sql-history.jsonl` ... Includes: timestamp, command, SQL, result status

Recommendation

Review and protect the history file, avoid embedding secrets in SQL, and clear logs when working with sensitive data.

What this means

Selected local images or videos may be transferred to cloud storage or provider-side AI services.

Why it was flagged

The AI/media commands can upload user-selected local files to a configured OSS volume for use by Hologres AI functions.

Skill content

With local file (requires `--upload-volume`) ... `--reference-url` ... local file path

Recommendation

Only use local file inputs that are intended for upload, and verify the target volume and network option before running media commands.