sql-reflect
v1.0.0快速定位 SQL 语句在 PHP/Laravel 代码中的触发位置,通过分析 SQL 结构反向追踪到具体的代码文件、方法和行号
⭐ 0· 84·0 current·0 all-time
bywill_lin@willing-lin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (locate SQL trigger points in PHP/Laravel) align with the instructions: extracting table/field patterns and searching app/ and Models for matching code. The mapping table and Laravel conventions used are appropriate for the stated goal.
Instruction Scope
The SKILL.md explicitly instructs using grep and searching the repository (app/, Models, etc.). The skill metadata did not list required binaries but the instructions assume filesystem access and availability of grep; the agent must have read access to the project files (app/ and Models) for the skill to work. This is reasonable but worth noting: the skill will read source files and may present multiple candidate locations that need human review.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing will be written to disk or downloaded during install.
Credentials
The skill declares no environment variables, credentials, or config paths and the instructions do not request any secrets. This is proportionate to the stated purpose.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent privileges or modify other skills/system settings.
Assessment
This skill is coherent and doesn't request credentials or installs, but it operates by reading your codebase. Before using it: 1) Confirm the agent running the skill has read access only to the repository (app/, Models) you want searched — avoid granting broad system access. 2) Ensure your environment has standard tools (grep) available, since SKILL.md assumes they exist. 3) Treat results as pointers: the skill may return multiple candidates or false positives (especially for dynamically built SQL, raw DB queries, or third-party packages), so review suggested file/method locations manually before making code changes. 4) Do not supply production DB credentials or run code the agent recommends without inspection. If you want stricter guarantees, ask the skill author to declare required binaries (grep) explicitly and to include exact search commands so you can review them ahead of time.Like a lobster shell, security has layers — review code before you run it.
latestvk975b6mm6ne1kad7r1ahcx4th183xd7p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.