Hologres Privileges
ReviewAudited by ClawScan on May 14, 2026.
Overview
This is a coherent Hologres permission-management reference, but it documents powerful database privilege changes that should be reviewed before running.
Install only if you need Hologres database privilege administration. Before running any generated SQL, verify the target database and account, review grants to PUBLIC or ALL TABLES carefully, and require explicit approval for SUPERUSER, DROP USER, ownership-transfer, and default-privilege changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad SQL command could grant, revoke, or alter database access.
The skill is intended to execute write-capable SQL through the Hologres CLI. This is purpose-aligned, but raw write SQL can materially change database access if the wrong target, schema, user, or command is used.
All SQL execution depends on `hologres-cli` commands (`hologres sql run --write`).
Preview the exact SQL and confirm the Hologres instance, database, schema, role, and affected users before allowing execution.
If applied incorrectly, users could receive excessive privileges or lose access, and database ownership or administration boundaries could be changed.
The instructions include creating, promoting, demoting, and deleting database users, including superuser-level authority. These actions match the privilege-management purpose but are high-impact.
CREATE USER "p4_1822780xxx" SUPERUSER; ... ALTER USER "p4_1822780xxx" SUPERUSER; ... DROP USER "p4_1822780xxx";
Use least-privilege role groups where possible, avoid SUPERUSER unless necessary, and require human confirmation for user deletion, ownership transfer, and superuser changes.
A default-privilege mistake could automatically expose future tables or functions to more users than intended.
Default privileges affect future database objects, and grants to PUBLIC can broaden access across many users. This is documented and purpose-aligned, but errors can propagate beyond the immediate command.
ALTER DEFAULT PRIVILEGES FOR ROLE "user1" IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC;
Prefer scoped role groups over PUBLIC, document default-privilege rules, and audit them after team or schema changes.
The safety of database operations depends partly on installing the intended Hologres CLI package.
The skill instructs the user to install an external CLI package, but the provided install metadata does not declare an install spec or required binary. This appears to be a normal prerequisite for the skill, not hidden execution.
pip install hologres-cli
Install the CLI from a trusted source, consider pinning a known-good version, and verify the CLI configuration before using it for write operations.