TiDB Cloud Zero

Review

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill appears to do what it claims: create a temporary TiDB Cloud database, with normal cautions around cloud access, generated credentials, and optional embedding-provider keys.

This looks safe to install if you want a disposable TiDB database. Before use, confirm you intend to create a cloud database, keep returned connection strings private, use TLS, avoid sensitive data in unclaimed disposable instances, and use limited or throwaway API keys for optional BYOK embedding features.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can create a temporary cloud database and return connection details to the agent session.

Why it was flagged

The skill directs the agent to make an external API call that creates a TiDB Cloud database. This is disclosed and central to the skill, but it is still an external resource-creation action.

Skill content

**POST** `https://zero.tidbapi.com/v1beta1/instances`

Recommendation

Use it only when a temporary TiDB database is intended, and avoid storing sensitive data unless you understand the expiration and claim behavior.

What this means

Anyone who obtains the connection string or password could access the disposable database while it exists.

Why it was flagged

The API response includes database credentials that the agent may handle. This is expected for database provisioning, but the credentials grant access to the created instance.

Skill content

"connection": { "host": "<HOST>", "port": 4000, "username": "<USERNAME>", "password": "<PASSWORD>" }

Recommendation

Keep connection strings private, use TLS as the skill recommends, and do not treat credentials as harmless if you store real data in the database.

What this means

A provider API key placed into the database configuration could be used for embedding calls and may carry billing or account-access implications.

Why it was flagged

The optional BYOK embedding instructions show third-party API keys being set as TiDB global variables. This is purpose-aligned for BYOK embeddings, but it expands credential handling beyond the no-auth database-provisioning flow.

Skill content

SET @@GLOBAL.TIDB_EXP_EMBED_OPENAI_API_KEY = "<OPENAI_API_KEY>";

Recommendation

Use restricted or temporary provider keys, confirm TiDB's retention and access behavior, and avoid pasting long-lived production keys unless necessary.

What this means

Text embedded through these SQL functions may be processed by TiDB Cloud or an external embedding provider.

Why it was flagged

The auto-embedding reference describes hosted and BYOK embedding providers. This is disclosed and relevant to the feature, but text sent for embedding may cross a cloud/provider boundary.

Skill content

Hosted model example: `tidbcloud_free/amazon/titan-embed-text-v2` ... BYOK providers are supported ... OpenAI, Cohere

Recommendation

Do not embed confidential text unless the chosen provider and data-handling policy are acceptable for your use case.