← Back to Skills Marketplace
lnguyen1996

SQL Query Reviewer

by Lnguyen1996 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
186
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install sql-query-reviewer
Description
Reviews SQL queries for correctness, security risks, and performance issues; provides a structured report with severity ratings and optimized rewrites.
README (SKILL.md)

sql-query-reviewer

Description

Review SQL queries across any dialect for correctness, performance, and security. Finds N+1 patterns, missing indexes, injection risks, cartesian joins, and implicit type casts. Returns a structured report with severity ratings and optimized rewrites.

Use when

  • "optimize this query"
  • "is this SQL safe"
  • "why is my query slow"
  • "check my SQL"
  • "is this injection-safe"
  • Any raw SQL query, ORM-generated SQL, or migration file

Supported dialects

PostgreSQL, MySQL, SQLite, SQL Server (T-SQL), Oracle, BigQuery, Snowflake — and any ANSI SQL.

Input

Paste the SQL query or queries. Optionally specify:

  • Dialect (defaults to generic ANSI SQL)
  • Approximate table sizes (helps with index advice)
  • Whether this is in a hot path (e.g., called on every request)
  • ORM in use (if applicable)

Output format

## SQL Query Review

### Critical (fix before production)
- [Finding] — [why this causes bugs or data loss]
  ✗ Before: [problematic SQL]
  ✓ After:  [corrected SQL]

### Performance (should fix)
- [Finding] — [estimated impact]
  ✗ Before: [slow SQL]
  ✓ After:  [optimized SQL]

### Suggestions (nice to have)
- [Finding] — [explanation]

### What's correct
- [Specific patterns done right]

### Summary
[2–3 sentences: biggest risk, top fix, index recommendations if any]

Review checklist

Correctness

  • NULL comparison using = instead of IS NULL
  • NOT IN with a subquery that can return NULLs — always false
  • UNION instead of UNION ALL when duplicates are acceptable (unnecessary dedup)
  • Wrong join type: INNER when LEFT needed, or vice versa
  • Cartesian join (missing ON clause or cross join without intent)
  • Aggregate without GROUP BY on non-aggregated columns
  • Incorrect use of HAVING vs WHERE
  • Date/time arithmetic in wrong timezone

Security

  • String interpolation into query — SQL injection risk
  • User-supplied value in ORDER BY, LIMIT, table/column name
  • Missing parameterisation in dynamic SQL
  • Overly broad SELECT * that exposes sensitive columns
  • Missing row-level security filter

Performance

  • SELECT * when only specific columns needed (excess data transfer)
  • Missing WHERE clause on large table scan
  • LIKE '%value%' — can't use index (leading wildcard)
  • Function applied to indexed column in WHERE — defeats index
  • N+1: query inside a loop that could be a single JOIN
  • Missing index on foreign key or frequently filtered column
  • Subquery that re-executes per row — use CTE or JOIN instead
  • ORDER BY RAND() or equivalent — full table scan
  • Unbounded result set with no LIMIT

Style

  • Inconsistent case (keywords, identifiers)
  • Ambiguous column reference without table alias
  • Long query with no CTEs to break it into readable steps
  • Magic number with no comment explaining it

Severity definitions

  • Critical: Correctness bug (wrong results), injection risk, or data loss — fix before production
  • Performance: Causes slow queries, full scans, or poor scalability — fix before release
  • Suggestion: Readability, maintainability, or defensive coding improvement

Self-improvement instructions

After each review, note the most common finding. After 20 reviews, surface the top 3 SQL anti-patterns seen as "Most common SQL issues" at the top of the response.

Usage Guidance
This skill is coherent and appears to do static SQL review only. Before installing: (1) avoid pasting sensitive production data (passwords, full PII) into queries you submit; (2) if you are uncomfortable with the 'self-improvement' behavior, check whether your agent stores review counts or shared memory — the skill's instructions expect the agent to track counts but do not specify where; (3) remember the skill is not connecting to your database — it cannot run queries or validate runtime plans, so provide approximate table sizes or explain hot-path context when you need realistic index advice; (4) prefer using on-prem or vetted tools if you need guaranteed data privacy. Overall this skill is consistent with its stated purpose.
Capability Analysis
Type: OpenClaw Skill Name: sql-query-reviewer Version: 1.0.0 The skill bundle is a standard SQL query review tool designed to analyze queries for performance, security, and correctness. The SKILL.md file contains comprehensive checklists for identifying SQL injection, N+1 patterns, and missing indexes, and it includes a benign self-improvement instruction for the agent to track common anti-patterns over time. There is no evidence of malicious code, data exfiltration, or harmful prompt injection.
Capability Assessment
Purpose & Capability
The name/description (review SQL for correctness, security, performance) matches the SKILL.md instructions. No unrelated environment variables, binaries, or install steps are required. The lack of homepage/source is inconvenient for provenance but does not create an obvious capability mismatch given this is instruction-only.
Instruction Scope
Instructions focus on static analysis of SQL provided by the user and list specific checks to run. They do not instruct reading system files, environment variables, or contacting external endpoints. One item to note: the 'self-improvement' instruction asks the agent to count findings across reviews and surface top anti-patterns after 20 reviews — that implies maintaining state across runs (agent memory or external storage) but the skill gives no guidance on how/where to persist that data.
Install Mechanism
No install spec and no code files — lowest-risk, instruction-only skill. Nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The checks described (injection patterns, indexes, joins, etc.) are consistent with this lack of external credentials.
Persistence & Privilege
always:false and no elevated privileges — appropriate. However, the self-improvement instruction implicitly requires persistence of review counts; if the agent implements that by writing to memory or storage, users should be aware that aggregated findings may be retained. The skill itself does not request persistent privileges or system-wide changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sql-query-reviewer
  3. After installation, invoke the skill by name or use /sql-query-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of sql-query-reviewer skill. - Reviews SQL queries for correctness, performance, and security issues across major dialects - Detects common problems: N+1, missing indexes, injection risks, cartesian joins, implicit casts, and more - Returns structured review reports with severity ratings and optimized rewrites - Highlights what’s correct alongside actionable fixes and summary recommendations - Supports PostgreSQL, MySQL, SQLite, SQL Server, Oracle, BigQuery, Snowflake, and ANSI SQL - Learns from usage to surface the top 3 most common SQL issues over time
Metadata
Slug sql-query-reviewer
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is SQL Query Reviewer?

Reviews SQL queries for correctness, security risks, and performance issues; provides a structured report with severity ratings and optimized rewrites. It is an AI Agent Skill for Claude Code / OpenClaw, with 186 downloads so far.

How do I install SQL Query Reviewer?

Run "/install sql-query-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SQL Query Reviewer free?

Yes, SQL Query Reviewer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SQL Query Reviewer support?

SQL Query Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created SQL Query Reviewer?

It is built and maintained by Lnguyen1996 (@lnguyen1996); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments