Trust Assessment
sql-writer received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. The findings are "Unpinned external dependency and arbitrary code execution via `npx`" and "External transmission of potentially sensitive data".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unpinned external dependency and arbitrary code execution via `npx`: The skill documentation recommends using `npx ai-sql` which executes an external package from the npm registry without specifying a version. This creates a critical supply chain risk, as a malicious update to the `ai-sql` package could lead to arbitrary code execution on the host system. Furthermore, if the host LLM or a user executes these commands, it directly runs untrusted code, posing a command injection threat. Implement strict sandboxing for any execution of `npx` or similar package manager commands. Always specify a pinned version for `npx` commands (e.g., `npx ai-sql@1.2.3`) to mitigate supply chain risks. Validate and sanitize all inputs passed to external tools. Advise users to audit the `ai-sql` package before execution. | LLM | SKILL.md:10 |
| MEDIUM | External transmission of potentially sensitive data: The `ai-sql` tool, as described in the skill, sends natural language queries and optional database schema information to an external AI model for processing. If sensitive data (e.g., PII in queries, detailed schema of confidential databases) is provided as input, it will be transmitted to a third-party service, which could pose privacy and data security risks depending on the service's policies and security posture. Advise users to avoid passing sensitive or confidential information to the `ai-sql` tool, especially when providing schema context. Recommend reviewing the privacy policy and security practices of the underlying AI service used by `ai-sql`. | LLM | SKILL.md:59 |