
Zero TiDB(Deprecated)

by Bosn · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Downloads: 552
Stars: 2
Active Installs: 0
Versions: 2
Install in OpenClaw
/install zero
Description
Create ephemeral TiDB Cloud Zero databases for agent workflows in Technical Preview.
Usage Guidance
What to check before installing:
- Provenance: The skill's source/homepage is unknown and the skill name includes "(Deprecated)" — verify who published it and whether this is an official TiDB/PingCAP offering before trusting it.
- Runtime dependencies: SKILL.md examples use curl, jq, the mysql CLI and Node's mysql2, but the skill metadata lists no required binaries. Ensure those tools are available in the agent environment or the instructions will fail. Consider asking the publisher to list explicit runtime dependencies.
- API safety: The guide implies provisioning via POST to https://zero.tidbapi.com without any auth. Confirm the API's access controls and rate limits with the provider — unauthenticated provisioning can be abused and may expose you to unexpected costs or resource creation.
- Secrets handling: The API returns DB credentials; the skill explicitly tells the agent to write them to a local file. Ensure the agent environment is sandboxed, that files are stored securely, and that the agent is not allowed to exfiltrate files to untrusted endpoints.
- Test manually first: Run the documented curl commands yourself from a controlled environment to confirm behavior and inspect the response shape and expiration policy.
If you cannot verify the publisher or the API behavior, or you do not want the agent to make external network calls, do not install or do not grant network access/autonomous invocation. If you proceed, ask the skill author to correct metadata (declare required binaries) and provide an official documentation link or contact.
Capability Analysis
Type: OpenClaw Skill
Name: zero
Version: 1.0.1
The skill's primary purpose is to provision TiDB Cloud Zero databases, which involves making API calls and providing connection details. However, the `SKILL.md` file contains instructions for the agent to execute `mysql` commands where the connection string, obtained directly from an external API response (`zero.tidbapi.com`), is interpolated into a shell command. This pattern (`mysql "<connectionString>"`) presents a shell injection vulnerability (RCE risk) if the `connectionString` returned by the API were maliciously crafted, even though the skill author's intent is to connect to their own provisioned database. This risky capability, despite lacking clear malicious intent from the skill author, warrants a 'suspicious' classification due to the potential for remote code execution via a compromised API endpoint.
Capability Assessment
Purpose & Capability
The name and description (ephemeral TiDB Cloud Zero DBs) align with the SKILL.md instructions: call an API endpoint to provision an instance and then connect with a MySQL-compatible client. The actions described (POST to an API, read returned connection string, run SQL) are coherent for this purpose.
Instruction Scope
Instructions stay within the stated purpose (provision, connect, optionally bootstrap demo data). They instruct saving credentials to a local file and show CLI/Node examples. There is no instruction to read unrelated user files or other system secrets, but the guide tells the agent to persist sensitive credentials locally — this increases risk if the agent environment has network or exfiltration capabilities. The SKILL.md uses external commands/tools (curl, jq, mysql, Node "mysql2") which are required at runtime but are not declared in the skill metadata.
Install Mechanism
Instruction-only skill with no install spec and no code files, so nothing is written to disk by the installer. This is the lowest-installation risk surface.
Credentials
The skill declares no required env vars or credentials, which is plausible if the API is unauthenticated, but the runtime instructions rely on external tooling (curl, jq, mysql client, Node library). The metadata omission of these runtime dependencies is an inconsistency. The SKILL.md also instructs storing the returned database credentials in a local file — that is appropriate but raises the need to protect those secrets and to ensure the agent execution environment is trustworthy.
Persistence & Privilege
The skill does not request persistent or always-on presence; default autonomous invocation is allowed (normal). There is no install script or configuration changes described that modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install zero
  3. After installation, invoke the skill by name or use /zero
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Deprecate this, please use TiDB Cloud Zero instead
v1.0.0
Initial technical preview release for ephemeral TiDB Cloud Zero databases.
- Provision disposable TiDB Cloud Zero databases via a POST API.
- Provides deterministic SQL smoke test instructions using API and CLI.
- Returns connection string and credentials in API response for immediate use.
- Suggests guided quickstart experience to bootstrap demo data.
- Explains response fields and planned feature for claiming temporary databases.
- Includes sample code for CLI and Node.js connections.
Metadata
Slug zero
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Zero TiDB(Deprecated)?

Create ephemeral TiDB Cloud Zero databases for agent workflows in Technical Preview. It is an AI Agent Skill for Claude Code / OpenClaw, with 552 downloads so far.

How do I install Zero TiDB(Deprecated)?

Run "/install zero" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zero TiDB(Deprecated) free?

Yes, Zero TiDB(Deprecated) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Zero TiDB(Deprecated) support?

Zero TiDB(Deprecated) is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Zero TiDB(Deprecated)?

It is built and maintained by Bosn (@bosn); the current version is v1.0.1.
