Mindsdb Mcp Skill

Advisory: audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken prompt, model error, or ambiguous request could cause the agent to run harmful SQL, expose sensitive query results, or change connected data sources.

Why it was flagged

The skill instructs the agent to generate and execute SQL and perform database management/import/export operations, but the artifacts do not define explicit approval gates, read-only defaults, or safeguards for mutating or exporting data.

Skill content

Agent automatically generates and executes SQL ... Create and manage databases ... Data import and export

Recommendation

Use least-privilege/read-only database credentials by default, require user confirmation before CREATE/UPDATE/DELETE/DROP/IMPORT/EXPORT or model-deployment actions, and have the agent show generated SQL before execution.

What this means

An agent-driven mistake could propagate into production models, monitoring, CI/CD, or data pipelines and affect business operations beyond a single query.

Why it was flagged

The skill’s own evals include production deployment and monitoring as expected behavior, which can affect live systems if not staged, approved, or reversible.

Skill content

"prompt": "部署模型到生产环境并配置监控", "expected_output": "应该部署模型,配置性能监控、数据漂移检测和告警规则"

Recommendation

Restrict production operations to explicit user-approved workflows, require staging/dry-run steps, document rollback procedures, and separate production credentials from exploratory analysis credentials.

What this means

If broad tokens are configured, the agent may be able to access many databases or SaaS sources through MindsDB.

Why it was flagged

MindsDB access tokens/API keys are expected for this integration, but they grant access to connected data sources and are not declared in the registry metadata.

Skill content

"authorization_token": "your-mindsdb-token" ... "url": "https://cloud.mindsdb.com/mcp/sse?api_key=your-api-key"

Recommendation

Create narrowly scoped MindsDB/API credentials, avoid placing real secrets in prompts or shared files, prefer environment variables or secret managers where supported, and rotate keys if exposed.

What this means

Users are trusting external packages and whatever versions are current at install time.

Why it was flagged

The install instructions rely on external PyPI/npm packages without pinned versions. This is normal for a MindsDB setup, but the executable code is outside the instruction-only skill artifacts.

Skill content

pip install mindsdb ... npm install -g @mindsdb/mcp-server

Recommendation

Install from official MindsDB sources, pin known-good versions in controlled environments, and review package provenance before using with sensitive data.

What this means

Imported private documents may persist in a knowledge base and later influence answers; malicious or outdated documents could also poison responses.

Why it was flagged

The skill supports building persistent RAG knowledge bases from imported documents. This is purpose-aligned, but the artifacts do not describe retention, deletion, path exclusions, or how retrieved content is prevented from becoming over-trusted instructions.

Skill content

Knowledge base construction (RAG) ... Vector storage and retrieval ... Document import and management ... Intelligent Q&A agent

Recommendation

Only ingest approved documents, separate sensitive knowledge bases by project, document deletion/retention controls, and treat retrieved document text as data rather than instructions.

What this means

Multiple agents or tools could share the same MindsDB access and see or act on the same connected data sources.

Why it was flagged

The documentation includes optional CrewAI/multi-agent MCP examples where agents share access to the MindsDB MCP endpoint. This is a normal integration pattern but requires clear boundaries between agents and credentials.

Skill content

mcps=[f"https://cloud.mindsdb.com/mcp?api_key={os.getenv('MINDSDB_API_KEY')}"] ... Complete example: multi-agent collaboration

Recommendation

Use separate credentials per agent or role, limit each agent to the minimum tools/data sources needed, and avoid embedding API keys in URLs that may be logged.

Findings (1)

critical

suspicious.exposed_secret_literal

Location

references/sdk-api.md:537

Finding

File appears to expose a hardcoded API secret or token.