Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lucid Skill

v2.0.0

AI-native data analysis via natural language. Connect Excel, CSV, MySQL, PostgreSQL data sources and query with SQL. Use when: (1) user asks to query, analyz...

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name and description match the code and runtime instructions: a CLI/MCP tool that connects CSV/Excel files and relational databases, builds a DuckDB-backed catalog, and offers semantic search and read-only SQL. The required binary 'lucid-skill' and the listed install step align with providing this CLI.
Instruction Scope
SKILL.md limits scope to read-only SELECT/WITH queries and describes connecting local files and databases and starting an MCP stdio server. This matches the source: the CLI and server handlers expose tools to connect sources, list/describe tables, and execute queries. Two items to note:
(1) The CLI/server persists a catalog and semantic files under ~/.lucid-skill/ and advertises 'auto-restore' of previous connections, yet passwords are claimed not to be stored (see Credentials below).
(2) Several code paths interpolate file paths and SQL identifiers into DuckDB SQL via Python f-strings (e.g., read_csv_auto('path') and read_xlsx('path')). This is brittle if inputs contain unexpected characters such as single quotes and can cause local SQL parsing errors or unintended behavior; it is an escaping defect rather than evidence of malicious intent.
Install Mechanism
The install spec uses a 'uv' package install of 'lucid-skill', and the skill bundle includes the full Python source and a pyproject. There are no opaque remote-download URLs or URL shorteners in the install spec. The install approach is proportionate for a CLI tool; verify the source and trustworthiness of the uv package before installing.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the source. It documents optional env vars (LUCID_DATA_DIR, LUCID_EMBEDDING_ENABLED). Database credentials are accepted at connect time (CLI options / tool params), and the CatalogStore strips 'password' before writing the source config. Two cautions:
(1) The 'auto-restore' feature raises the question of how DB connections are re-established without stored passwords; the startup logic may restore only file-based sources or may fail for DBs (the code can surface such failures).
(2) Enabling embeddings triggers a large (~460 MB) model download from external model hosts; this requires network access and disk space and should be acceptable only if you trust the model source.
Persistence & Privilege
The skill persists a catalog and semantic YAML under ~/.lucid-skill/ (configurable via LUCID_DATA_DIR), and may download models into a models cache. It does not request elevated OS privileges or set always:true. The MCP server runs over stdio for integrations (expected) — be aware that autonomous agent invocation will allow the agent to call the tool handlers to access local files and databases if you grant it access.
Assessment
This skill appears to do what it says: a read-only data exploration CLI and MCP server. Before installing or connecting sensitive data:
1) Verify the package source for 'lucid-skill' (the uv install) and prefer pinned releases from a trusted registry.
2) Inspect startup.auto_restore_connections (or try a dry run) to confirm DB passwords are not persisted and to see which connections are auto-restored.
3) Be aware that enabling embeddings downloads a large model from the network; confirm the model source and allow adequate disk space.
4) Avoid passing untrusted or remote-controlled file paths; some connectors interpolate paths into SQL with simple f-strings and may behave incorrectly with specially crafted paths (e.g., ones containing single quotes).
5) Run the tool in an isolated environment or container if you intend to connect production databases.
6) If you do not want the agent to call the skill autonomously, restrict invocation policies in your agent/platform.



License

MIT-0
Free to use, modify, and redistribute. No attribution required.

Runtime requirements

Clawdis
Bins: lucid-skill

Install

Install lucid-skill (uv)
Bins: lucid-skill
uv tool install lucid-skill
