Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SQLBot
v1.0.0
Manage SQLBot workspaces, datasources, ask-data flows, and dashboards, including listing and switching workspace or datasource context, asking questions agai...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill's name and description (managing SQLBot workspaces, datasources, dashboards) match the bundled script's behavior, but the registry metadata lists no required environment variables or credentials while the SKILL.md and sqlbot_skills.py clearly require SQLBOT_BASE_URL, SQLBOT_API_KEY_ACCESS_KEY, and SQLBOT_API_KEY_SECRET_KEY. That mismatch between declared requirements and actual needs is an incoherence the user should be aware of.
Instruction Scope
SKILL.md gives concrete CLI mappings that run the included Python script; the instructions stay within the stated purpose (listing/switching workspaces, asking questions, exporting dashboards). The skill checks for and reads a .env file and persists a local state file holding the current workspace/datasource. Exporting uses Playwright to drive a browser and attaches API authentication headers to the frontend preview page. Nothing in SKILL.md instructs broad, unrelated data collection, but the skill executes a bundled script (so code will run locally), can read .env files and writes the state file; verify which paths are read and written (skill dir vs CWD).
Install Mechanism
There is no install spec: this is an instruction-only skill that executes the included Python file, which lowers supply-chain risk compared with skills that download arbitrary code. However, exports require an optional Playwright/browser dependency (the user is told to run pip install playwright and playwright install chromium), which launches a browser, headless or headful, to render the preview page.
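The export step above is where credentials meet a browser. Playwright's page.set_extra_http_headers() sends its headers on every request the page initiates, so an export that attaches API authentication that way hands the token to any third-party script, font or image the preview page pulls in. The following is an added example for this review, not the SQLBot skill's own code: it routes every request through a policy that adds the credentials only to requests whose origin (scheme, host, port) matches the SQLBot base URL and either lets other requests through without credentials or, in strict mode, aborts them. The base URL, preview path and header name are assumptions, not the skill's real values.

```python
"""Origin-scoped auth headers for a Playwright-driven dashboard export.

Added example; not the SQLBot skill's own code. Only the SQLBot origin
receives the credentials; everything else is continued bare or aborted.
The base URL, path and header names are assumptions.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str):
    """(scheme, host, port) with the default port filled in; None if not a web URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[parts.scheme])


def decide(request_url: str, base_url: str, auth_headers: dict, strict: bool = False):
    """Policy for one request.

    Returns ("auth", headers) for same-origin requests, ("plain", {}) for foreign
    requests in permissive mode, ("abort", None) for foreign requests in strict mode.
    Scheme is part of the comparison on purpose: an http:// request to the same
    host must never carry the credentials.
    """
    req, base = origin(request_url), origin(base_url)
    if req is not None and req == base:
        return "auth", dict(auth_headers)
    return ("abort", None) if strict else ("plain", {})


def export_dashboard(base_url, preview_path, auth_headers, out_pdf, strict=False):
    """Render the preview page with credentials scoped to base_url and save a PDF.

    Needs `pip install playwright` and `playwright install chromium`; the import
    is lazy so the policy above stays testable without a browser installed.
    """
    from playwright.sync_api import sync_playwright

    def route_handler(route):
        action, headers = decide(route.request.url, base_url, auth_headers, strict)
        if action == "abort":
            route.abort()
        elif action == "auth":
            route.continue_(headers={**route.request.headers, **headers})
        else:
            route.continue_()  # third-party resource: fetched, but without credentials

    with sync_playwright() as pw:
        browser = pw.chromium.launch()
        page = browser.new_page()
        page.route("**/*", route_handler)  # the policy sees every request the page makes
        page.goto(base_url.rstrip("/") + preview_path, wait_until="networkidle")
        page.pdf(path=out_pdf)  # PDF rendering is Chromium headless only
        browser.close()


if __name__ == "__main__":
    # Constructed values: the real skill signs short-lived tokens and its header
    # names may differ; check sqlbot_skills.py for the ones it actually sends.
    export_dashboard("https://sqlbot.example", "/preview/dashboard/1",
                     {"Authorization": "Bearer <short-lived-token>"},
                     "dashboard.pdf", strict=True)
```

Strict mode is the right default for a first run in a test environment: if the preview renders incompletely, the aborted requests tell you exactly which third-party hosts the page depends on, and you can decide whether to allow them bare rather than discovering them in someone else's access logs.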
Credentials
The script legitimately needs SQLBot credentials and base URL to call the SQLBot APIs and to sign short-lived API tokens. Those are appropriately scoped to the stated purpose, but the registry metadata did not declare them as required env vars — a discrepancy. Additionally, the skill writes a skill-local state file (default .sqlbot-skill-state.json) and may read .env from the skill directory or current working directory (per README), so sensitive credentials could be read from or persisted near the skill if not configured carefully.
Persistence & Privilege
The skill does persist its own local state file but does not request elevated platform privileges or 'always' inclusion. disable-model-invocation is set true (so the model is blocked from autonomously invoking the skill), reducing autonomous blast radius. The skill does not declare modifications to other skills or system-wide settings.
What to consider before installing
Before installing:
(1) Recognize the mismatch: the registry says no env vars are needed, but the skill and its SKILL.md require SQLBOT_BASE_URL, SQLBOT_API_KEY_ACCESS_KEY, and SQLBOT_API_KEY_SECRET_KEY. Do not provide production or privileged API keys until you have inspected and tested the skill.
(2) Review the bundled sqlbot_skills.py source yourself to confirm how it reads .env and where it writes the state file; set SQLBOT_STATE_FILE explicitly to a location you control if needed.
(3) Exports use Playwright: the browser will load the SQLBot frontend preview and the script will attach authentication headers. Rendering the page may cause third-party resources to be fetched, so try exports only in a safe or test environment.
(4) Prefer testing against a local or staging SQLBot instance with short-lived API credentials.
(5) Ask the publisher to update the registry metadata to declare the required env vars and to document the exact .env lookup behaviour (skill dir vs current dir).
If you cannot verify these details, treat the skill as risky and avoid supplying sensitive keys.

Like a lobster shell, security has layers: review code before you run it.
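Items (1) and (2) amount to a source review of the bundled script: which environment variables it reads, where it loads .env from, and which files it writes, compared against what the registry declares. The following is an added example for this review, not ClawHub's scanner and not part of the skill: it walks the Python AST of a skill script and reports exactly those three things, then lists the env vars the registry metadata fails to declare. The script it audits is a constructed stand-in that mimics the behaviour the scan report describes; it is not the real sqlbot_skills.py, and the metadata dict is likewise constructed. Python 3.9+ is assumed for ast.unparse.

```python
"""Pre-install audit of a bundled skill script (added example, not ClawHub's or the skill's code).

Reports env vars read, .env loads and files opened for writing, and diffs the
env vars against the registry's declared list. Requires Python 3.9+.
"""
import ast
from dataclasses import dataclass, field

# Constructed stand-in for a bundled script, mimicking what the scan report
# describes (reads SQLBOT_* vars, loads .env, writes a state file). NOT the real
# sqlbot_skills.py; run audit_script() on the real file's contents instead.
SAMPLE_SCRIPT = '''
import json, os
from pathlib import Path
from dotenv import load_dotenv

load_dotenv(Path(__file__).parent / ".env")   # skill directory
load_dotenv()                                  # dotenv's default search

BASE_URL = os.environ["SQLBOT_BASE_URL"]
ACCESS_KEY = os.environ.get("SQLBOT_API_KEY_ACCESS_KEY")
SECRET_KEY = os.getenv("SQLBOT_API_KEY_SECRET_KEY")
STATE_FILE = os.getenv("SQLBOT_STATE_FILE", ".sqlbot-skill-state.json")

def save_state(state):
    with open(STATE_FILE, "w") as fh:
        json.dump(state, fh)
'''

# Constructed registry metadata: the report says no required env vars are declared.
SAMPLE_METADATA = {"name": "sqlbot", "version": "1.0.0", "env": []}

NO_PATH = "<no explicit path: relies on dotenv's default search, verify it>"


@dataclass
class AuditReport:
    env_reads: set = field(default_factory=set)
    dotenv_calls: list = field(default_factory=list)
    writes: list = field(default_factory=list)

    def undeclared(self, declared):
        """Env vars the script reads that the registry metadata does not declare."""
        return sorted(self.env_reads - set(declared))


def _const_str(node):
    return node.value if isinstance(node, ast.Constant) and isinstance(node.value, str) else None


def _dotted(node):
    """Render a call or attribute target such as os.environ.get as a dotted name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    if isinstance(node, ast.Call):
        return _dotted(node.func)
    return ""


def _write_mode(call):
    """True when open() is given a mode that can create or modify the file."""
    mode = _const_str(call.args[1]) if len(call.args) > 1 else None
    for kw in call.keywords:
        if kw.arg == "mode":
            mode = _const_str(kw.value)
    return bool(mode) and any(c in mode for c in "wa+x")


def audit_script(source: str) -> AuditReport:
    report = AuditReport()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            name = _const_str(node.slice)  # os.environ["X"]
            if name:
                report.env_reads.add(name)
        if not isinstance(node, ast.Call):
            continue
        target = _dotted(node.func)
        first = _const_str(node.args[0]) if node.args else None
        if target in ("os.environ.get", "os.getenv") and first:
            report.env_reads.add(first)
        elif target.endswith("load_dotenv"):
            report.dotenv_calls.append(ast.unparse(node.args[0]) if node.args else NO_PATH)
        elif target == "open" and _write_mode(node):
            report.writes.append(ast.unparse(node.args[0]))
        elif target.endswith((".write_text", ".write_bytes")):
            report.writes.append(ast.unparse(node.func.value))
    return report


def summarize(report: AuditReport, declared) -> list:
    lines = [f"env vars read: {', '.join(sorted(report.env_reads))}"]
    lines += [f"dotenv load: {p}" for p in report.dotenv_calls]
    lines += [f"file written: {p}" for p in report.writes]
    missing = report.undeclared(declared)
    if missing:
        lines.append(f"UNDECLARED in registry metadata: {', '.join(missing)}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(audit_script(SAMPLE_SCRIPT), SAMPLE_METADATA["env"])))
```

The audit is deliberately static: nothing in the skill runs. A dynamic name (os.environ[key] with a variable key, or a file path built at runtime) shows up as the unparsed expression rather than a literal, which is itself a finding worth reading the surrounding code for. Any "UNDECLARED" entry is the registry/script incoherence the scan flagged, made concrete.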
latest: vk97105r6cetsv363x755vdfe0183ypv0
