← Back to Skills Marketplace
110
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install report-sql
Description
Define and validate SQL template variables and blocks for report-service with zero tolerance, supporting safe injection, conditional fragments, loops, and da...
Usage Guidance
This skill is a detailed design document for a SQL templating protocol — it does not include an implementation. It does not request credentials or install anything, so there's no direct exfiltration risk from the package itself. However, the SKILL.md repeatedly claims the templates are 'safe' and 'injection-proof' but offers no runtime or enforcement code. Before using this in production, do the following: 1) Confirm the actual template engine or code that will render these templates implements parameter binding or proper escaping (do not rely on string concatenation). 2) Request example implementation code or tests from the author that prove block-removal semantics and escaping behavior (including edge cases and malicious inputs). 3) Run unit tests with attacker-controlled inputs to verify no SQL injection and that empty/partial blocks are removed safely. 4) Prefer parameterized queries (driver-level placeholders) over textual substitution where possible. 5) Review how the system logs queries and variables to avoid leaking PII/credentials. If you cannot obtain an implementation or confident tests, treat these instructions as a spec only and do not assume they protect you from injection.
Capability Assessment
Purpose & Capability
The name/description and the SKILL.md both describe a SQL template protocol and transform rules for a 'report-service'. There are no unrelated required binaries, env vars, or install steps. The requested surface is proportionate for a templating specification.
Instruction Scope
SKILL.md prescribes variable syntax, block mechanics (${...}, loops, etc.) and repeatedly asserts '空安全' and '天然防 SQL 注入' (safe from SQL injection). However, this is purely a specification: there is no code or runtime provided that actually enforces escaping, parameterization, or block removal. If an agent or developer implements these templates by directly substituting user-supplied strings into SQL without a safe engine, SQL injection and syntax errors are possible. The instructions also give the agent broad discretion to emit SQL fragments; those emissions could be dangerous unless the executing environment provides binding/escaping.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes disk/write/install risk.
Credentials
The skill requires no environment variables, credentials, or config paths. Nothing asks for unrelated secrets or elevated access.
Persistence & Privilege
Metadata shows always:false and no special privileges. The skill does not request permanent presence or modify other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install report-sql - After installation, invoke the skill by name or use
/report-sql - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the `report-sql` skill.
- Defines a strict SQL variable templating protocol for `report-service`, supporting precise, safe, and namespaced variable injection.
- Introduces block-level variable syntax (`${...}`) for conditional SQL fragments with "empty-safe" rendering.
- Adds common SQL snippet patterns: fuzzy matching, date range queries, array variable loops (`$@... -> OR { ... }`), and complex EXISTS subqueries.
- Details best practices to ensure SQL syntax integrity, including strict namespace and boundary rules for dynamic blocks.
- Documents a structured JSON-based data transformation pipeline for SQL query results, supporting initialization, conditional assignment, object mapping, left joins, and complex response assembly.
Metadata
Frequently Asked Questions
What is Report Sql?
Define and validate SQL template variables and blocks for report-service with zero tolerance, supporting safe injection, conditional fragments, loops, and da... It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.
How do I install Report Sql?
Run "/install report-sql" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Report Sql free?
Yes, Report Sql is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Report Sql support?
Report Sql is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Report Sql?
It is built and maintained by 23396599 (@23396599); the current version is v1.0.0.
More Skills