← Back to Skills Marketplace
mohamed-hammane

MSSQL

by Umbra · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ Security Clean
209
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install mssql
Description
Execute SQL Server queries and export results as delimiter-separated text. Use when the user asks to fetch, insert, update, or manage data in Microsoft SQL S...
README (SKILL.md)

MSSQL

Run SQL Server queries using scripts/mssql_query.sh.

Quick start

  1. Ensure credentials exist at: ~/.openclaw/credentials/mssql.env
  2. Run a query: bash skills/mssql/scripts/mssql_query.sh --query "SELECT TOP 20 name FROM sys.tables"
  3. Save to file: bash skills/mssql/scripts/mssql_query.sh --query "SELECT TOP 100 * FROM dbo.MyTable" --out /tmp/mytable.dsv

Credentials format

Expected env vars in ~/.openclaw/credentials/mssql.env:

  • MSSQL_HOST
  • MSSQL_DB
  • MSSQL_USER
  • MSSQL_PASSWORD
  • Optional: MSSQL_PORT (default 1433), MSSQL_ENCRYPT (yes/no, default yes), MSSQL_TRUST_CERT (yes/no, default no), SQLCMD_BIN

The credential file path can be overridden with the MSSQL_ENV_FILE environment variable.

Permissions

Query permissions are controlled entirely at the SQL Server user level. The script does not impose any restrictions on query type — the database user's grants determine what is allowed.

Database reference map

Place your database map at references/DB_MAP.md inside this skill folder. This file tells the agent which databases, schemas, and tables to use and how they relate to each other.

See references/DB_MAP.example.md for the expected format.

Useful patterns

  • Run long query from file: bash skills/mssql/scripts/mssql_query.sh --file /path/query.sql --out /tmp/out.dsv
  • Override database: bash skills/mssql/scripts/mssql_query.sh --db OtherDB --query "SELECT TOP 10 * FROM dbo.Users"
  • Change delimiter: bash skills/mssql/scripts/mssql_query.sh --query "SELECT ..." --delim ","
  • Increase timeout: bash skills/mssql/scripts/mssql_query.sh --query "SELECT ..." --timeout 180

Output format

Output is delimiter-separated text, not RFC 4180 CSV. Fields are not quoted or escaped. This works well for structured numeric and short-text data. If your columns contain embedded delimiters, quotes, or newlines, the output may be malformed — choose a delimiter that does not appear in the data, or post-process the output.

Best practices

  • Prefer explicit columns over SELECT *.
  • Use TOP for exploratory samples.
  • Keep queries scoped to the user request.
  • Answer in business language by default; provide SQL details when requested.
  • Never print or expose credentials in responses.

Troubleshooting

  • sqlcmd not found -> install sqlcmd v18+ or set SQLCMD_BIN.
  • TLS/certificate issues on internal networks -> set MSSQL_TRUST_CERT=yes in your credentials file. The default is no (certificate validation enabled).
Usage Guidance
This skill appears to do what it says: run SQL Server queries via sqlcmd and emit delimiter-separated text. Before installing or using it, consider the following practical precautions: - Protect the credential file (~/.openclaw/credentials/mssql.env): it is sourced by the script, so it must contain only trusted variable assignments and be file-permission restricted (e.g., chmod 600). Because the script 'sources' the file, any shell commands in it would be executed. - Use least-privilege DB credentials: create a dedicated user with only the minimum permissions needed (ideally read-only for reporting tasks) to limit risk if credentials are compromised. - Review and control SQL you run: the script imposes no query-level restrictions — destructive statements (DELETE, DROP) will run if the DB user has rights. When allowing an automated agent to issue queries, limit scope and require user confirmation for privileged operations. - Secure transport and certificate options: the script supports encryption and a TRUST_CERT flag; prefer encrypted connections and only set trust-cert when you understand the implications. - Protect output files: the script can write query results to arbitrary paths via --out; ensure downstream handling of those files does not leak sensitive data. - Confirm sqlcmd version and installation source: the script expects sqlcmd v18+; install from official Microsoft packages for your platform. Given the above operational precautions, the skill is internally consistent and appropriate for its described purpose.
Capability Analysis
Type: OpenClaw Skill Name: mssql Version: 1.0.2 The mssql skill is a standard database utility designed to execute SQL Server queries using the 'sqlcmd' binary. The core logic in 'scripts/mssql_query.sh' safely handles credentials via environment variables and provides expected functionality such as query execution, output redirection, and custom delimiters. The 'SKILL.md' file includes appropriate security guidance for the AI agent, such as instructions to never expose credentials. No indicators of malicious intent, data exfiltration, or unauthorized persistence were found.
Capability Tags
cryptocan-make-purchases
Capability Assessment
Purpose & Capability
Name, description, required binaries (sqlcmd), and required env vars (MSSQL_HOST, MSSQL_DB, MSSQL_USER, MSSQL_PASSWORD) align with a tool that runs Microsoft SQL Server queries and exports delimiter-separated output. No unrelated services, credentials, or binaries are requested.
Instruction Scope
The SKILL.md and script keep scope to SQL Server operations. The script sources a credentials file (~/.openclaw/credentials/mssql.env) which is expected for DB access, and it can read SQL from a user-specified file path (--file). Sourcing the env file means if that file contains malicious shell code it would be executed; this is an operational risk (not mismatch) and should be mitigated by protecting the file and its contents. The script also exports MSSQL_PASSWORD into SQLCMDPASSWORD (to avoid showing it on the process command line) — expected behavior for sqlcmd usage.
Install Mechanism
No install spec is provided (instruction-only plus a small script), so nothing is downloaded or written during install by the skill itself. Requiring sqlcmd to be present is appropriate and proportionate.
Credentials
The skill requests only the environment variables necessary for connecting to SQL Server (host, DB, user, password, optional port/encryption flags). The number and type of env vars are appropriate for the stated functionality. No unrelated credentials are requested.
Persistence & Privilege
always:false (default) and no install-time changes to other skills or system-wide settings are requested. The skill does not attempt to persist beyond its own files or change other skills' configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mssql
  3. After installation, invoke the skill by name or use /mssql
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
v1.0.2 — Declare required env vars in metadata - Added MSSQL_HOST, MSSQL_DB, MSSQL_USER, MSSQL_PASSWORD to requires.env - Fixes manifest/metadata inconsistency flagged by ClawHub security scan
v1.0.1
v1.0.1 — Security hardening + contract fix - Password no longer exposed in process list (uses SQLCMDPASSWORD env var) - MSSQL_TRUST_CERT defaults to no (certificate validation enabled) - Output contract renamed to delimiter-separated text (not CSV) — docs, examples, and help text updated - Fixed --out crash with filename-only paths - Fixed separator line removal — now position-aware (line 2 only) - Added --db flag for ad-hoc database override
v1.0.0
Initial release — SQL Server queries and CSV export, no query restrictions, permissions at DB user level
Metadata
Slug mssql
Version 1.0.2
License MIT-0
All-time Installs 2
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is MSSQL?

Execute SQL Server queries and export results as delimiter-separated text. Use when the user asks to fetch, insert, update, or manage data in Microsoft SQL S... It is an AI Agent Skill for Claude Code / OpenClaw, with 209 downloads so far.

How do I install MSSQL?

Run "/install mssql" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MSSQL free?

Yes, MSSQL is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MSSQL support?

MSSQL is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MSSQL?

It is built and maintained by Umbra (@mohamed-hammane); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments