Hologres Slow Query Analysis
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a coherent Hologres diagnostics guide, but it includes broad, persistent database privilege-granting instructions that users should review carefully before running.
Install only if you are comfortable reviewing and running database administration commands manually. Prefer read-only or narrowly scoped permissions, avoid granting SUPERUSER unless an administrator explicitly approves it, verify any log export destination and retention policy, and do not apply database-level logging or retention changes automatically.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run, an account could gain broad administrative or cross-database log visibility beyond the immediate diagnostic task.
The skill presents persistent database privilege-granting commands, including SUPERUSER, as part of the setup for viewing logs. This is broader authority than many slow-query investigations need and is not paired with explicit approval or revocation guidance.
ALTER USER "cloud_account_id" SUPERUSER; ... GRANT pg_read_all_stats TO "cloud_account_id"; ... CALL spm_grant('<db_name>_admin', 'cloud_account_id');
Prefer the least-privileged option needed for the task, avoid SUPERUSER unless absolutely necessary, get explicit user/admin approval, and document/revoke any temporary grants after analysis.
Changing retention or logging settings can affect future diagnostics, auditing, and availability of historical query logs.
The skill documents database-level configuration changes that can alter logging behavior and immediately remove expired logs. This is relevant to log management, but users should understand the operational effect before applying it.
ALTER DATABASE dbname SET hg_query_log_retention_time_sec = 604800; ... Expired logs are cleaned immediately (not async)
Confirm the target database and retention/logging values before applying changes, and keep a rollback plan for any database-level settings.
SQL text, user names, error messages, query plans, and other operational details may be retained or shared outside the original Hologres log table.
The export workflow copies query log contents, including SQL text and plans, into MaxCompute with a long lifecycle. This is disclosed and purpose-aligned, but it moves potentially sensitive operational data to another storage boundary.
Export to MaxCompute ... query STRING COMMENT 'Query text' ... plan STRING COMMENT 'Query plan' ... LIFECYCLE 365; ... INSERT INTO mc_holo_query_log SELECT ... query ... plan ... FROM hologres.hg_query_log
Export only the needed time range and fields, verify MaxCompute permissions and retention, and avoid exporting sensitive query text unless required.
Installing an unpinned package may pull a newer or unexpected version of the CLI.
The skill requires installing an external CLI package without a pinned version. This is central to the stated Hologres CLI workflow, but it is still a supply-chain consideration.
pip install hologres-cli
Install hologres-cli from a trusted package source, consider pinning a known-good version, and review the CLI's permissions and configuration before use.
