MySQL Administration

by jasydongo · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 364
Stars: 1
Active Installs: 0
Versions: 1
Install in OpenClaw: /install mysqladm
Description
Manage MySQL databases via mysql CLI or Python mysql-connector, supporting queries, schema changes, backups, performance analysis, and user permissions.
Usage Guidance
This skill appears to implement MySQL admin tasks, but there are gaps and risky patterns you should consider before installing or running it:
  - Credentials: The skill expects MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE, etc., but the registry metadata does not declare these. Treat this as requiring sensitive DB credentials.
  - Inspect before running: The bundled scripts call mysqldump/mysql and use eval and unquoted variables; this can enable command injection if any argument is attacker-controlled. Review the scripts and avoid passing untrusted input.
  - Secret exposure: Passwords are passed on the command line (e.g., -p$PASSWORD), which can appear in process lists. Prefer using option files, protected environment variables handled by the platform, or mysql client config files with restricted permissions.
  - Environment impact: QUICKSTART suggests sudo systemctl start mysql and references a hard-coded test path (/home/clawbot/...), so run tests in an isolated environment (container or VM), not against production systems.
  - Ask the author or maintainer to: (1) declare required env vars/credentials in the skill metadata, (2) avoid eval and quote arguments properly, (3) avoid printing secrets and using passwords on the command line, and (4) explain the {baseDir} substitution and any test scripts referenced.
If you must use it now, run in a sandbox with non-production credentials and back up targets first. If you are not comfortable reviewing shell scripts yourself, do not run this skill with privileged credentials or on production systems.
Capability Analysis
Type: OpenClaw Skill
Name: mysqladm
Version: 0.1.0
The skill bundle contains several shell scripts (`mysql_query.sh`, `mysql_backup.sh`, and `mysql_restore.sh`) that use the `eval` command to execute shell strings constructed directly from input arguments. This pattern creates a significant shell injection vulnerability, potentially allowing an attacker (or a manipulated AI agent) to achieve Remote Code Execution (RCE) on the host system. While the bundle's functionality aligns with its stated purpose of MySQL administration, the lack of input sanitization in these core scripts represents a high-risk security flaw.
Capability Assessment
Purpose & Capability
The skill's name, description, included scripts, and references align with MySQL administration (queries, backup/restore, performance). The embedded SKILL.md metadata correctly lists required binaries (mysql, mysqldump, mysqlcheck) and optional python3. However, the registry metadata reported 'no required env vars' while the runtime instructions and scripts expect MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE, etc. — a mismatch between declared requirements and actual needs.
Instruction Scope
The SKILL.md instructs the agent to read and use database credentials from environment variables and to run local system commands (e.g., sudo systemctl start mysql in QUICKSTART and a hard-coded path /home/clawbot/openclaw/test_mysqladm_skill.sh). The shipped scripts build shell commands from user-provided inputs and use eval in places (backup/restore/query scripts), which increases the risk of command injection if inputs are not strictly validated. The instructions also reference {baseDir} for bundled scripts but do not document how it is set; the skill may attempt to run those scripts with whatever credentials are provided.
Install Mechanism
This is instruction-plus-scripts (no network install/spec that downloads code at runtime). The SKILL.md includes optional apt/brew install guidance for the mysql client, which is appropriate and from normal package managers. No external URLs, shorteners, or archive extraction are used.
Credentials
Although the registry metadata lists no required environment variables or primary credential, the skill requires DB credentials and host/port settings at runtime (MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, MYSQL_DATABASE). That omission is a meaningful coherence issue: the skill will need sensitive credentials to operate but does not declare them. The scripts accept passwords on the command line and embed them into commands (mysqldump/mysql -pPASSWORD), which could expose secrets in process listings. Multiple env/config references (and a hard-coded local test path) are present without being declared.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not modify other skills or system-wide settings in its code. However, QUICKSTART suggests using sudo to start the mysql service — running with elevated privileges is a runtime consideration for the user, not an installation-time privilege request.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mysqladm
  3. After installation, invoke the skill by name or use /mysqladm
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: MySQL database management with query execution, backup/restore, performance analysis, and user management capabilities. Includes 3 utility scripts and comprehensive documentation.
Metadata
Slug mysqladm
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is MySQL Administration?

Manage MySQL databases via mysql CLI or Python mysql-connector, supporting queries, schema changes, backups, performance analysis, and user permissions. It is an AI Agent Skill for Claude Code / OpenClaw, with 364 downloads so far.

How do I install MySQL Administration?

Run "/install mysqladm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MySQL Administration free?

Yes, MySQL Administration is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MySQL Administration support?

MySQL Administration is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created MySQL Administration?

It is built and maintained by jasydongo (@jasydongo); the current version is v0.1.0.
