Hologres Uv Compute
ReviewAudited by ClawScan on May 14, 2026.
Overview
The provided artifacts look like a coherent Hologres analytics guide, but it includes write-capable database commands and a manual CLI install that users should review before using on production data.
Install only if you intend to build Hologres UV/PV pipelines. Verify the hologres-cli package, use a test or least-privileged Hologres account first, review all SQL before execution, and be especially careful with overwrite refreshes and queries that reveal individual user IDs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken execution could change or replace database-derived table data and consume production compute resources.
The skill documents an overwrite refresh operation that can replace existing dynamic-table partition data. This is relevant to the stated Hologres pipeline purpose, but it is high-impact if run against the wrong database or partition.
-- Refresh with OVERWRITE (replace existing data) REFRESH OVERWRITE DYNAMIC TABLE dt_dws_app_rb
Review SQL, confirm the target database/schema/partition, and require explicit user approval before running write or overwrite operations.
Users with database access could expose individual identifiers rather than only aggregate counts.
Although the main workflow is aggregate UV/PV analytics, the reference includes a query that can return underlying user IDs from a bitmap.
-- Example: get all user IDs from a bitmap SELECT RB_TO_ARRAY(rb_uid) FROM dt_dws_app_rb LIMIT 1;
Use least-privileged Hologres roles and avoid UID-inspection functions unless the user is authorized to view individual identifiers.
Installing an unpinned package can introduce dependency or provenance risk if the wrong package source is used.
The skill requires a manual pip-installed CLI dependency, while the registry declares no install spec. This appears central to the purpose, but users should verify the package source/version.
pip install hologres-cli export HOLOGRES_SKILL=hologres-uv-compute
Install hologres-cli from a trusted source, consider pinning a known-good version, and use an isolated environment where possible.