← Back to Skills Marketplace
zenixp

MYSQL QUERY

by zenixp · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
3270
Downloads
8
Stars
18
Active Installs
2
Versions
Install in OpenClaw
/install db-query
Description
Query project databases with automatic SSH tunnel management. Use when you need to execute SQL queries against configured databases, especially those accessi...
README (SKILL.md)

Database Query

Overview

Query databases through a centralized configuration file with automatic SSH tunnel management. Handles connection details, SSH tunnel setup/teardown, and query execution.

Security

Passwords are never exposed in process lists. The skill uses environment variables for credentials:

  • MYSQL_PWD for database passwords (passed to mysql client)
  • SSHPASS for SSH tunnel passwords (passed to sshpass)

Recommended: Store credentials in environment variables instead of the config file for better security.

Configuration

Setup

  1. Create config file at ~/.config/clawdbot/db-config.json:

    mkdir -p ~/.config/clawdbot
# Copy example config and edit
cp /usr/lib/node_modules/clawdbot/skills/db-query/scripts/config.example.json ~/.config/clawdbot/db-config.json

  2. Add database entries with these fields:

    • name: Description used to find the database (required)
    • host: Database host (required)
    • port: Database port (default: 3306)
    • database: Database name (required)
    • user: Database user (required)
    • password: Database password (optional, can use env var)
    • ssh_tunnel: Optional SSH tunnel configuration

  3. SSH tunnel configuration (if needed):

    • enabled: true/false
    • ssh_host: Remote SSH host
    • ssh_user: SSH username
    • ssh_port: SSH port (default: 22)
    • local_port: Local port to forward (e.g., 3307)
    • remote_host: Remote database host behind SSH (default: localhost)
    • remote_port: Remote database port (default: 3306)

Environment Variables (Recommended)

Instead of storing passwords in the config file, use environment variables:

# Format: DB_PASSWORD_\x3CDATABASE_NAME> (spaces replaced with underscores, uppercase)
export DB_PASSWORD_PRODUCTION_USER_DB="your_db_password"

# Format: SSH_PASSWORD_\x3CDATABASE_NAME> for SSH tunnel password
export SSH_PASSWORD_PRODUCTION_USER_DB="your_ssh_password"

Example Config

{
  "databases": [
    {
      "name": "Production User DB",
      "host": "localhost",
      "port": 3306,
      "database": "user_db",
      "user": "db_user",
      "password": "",
      "ssh_tunnel": {
        "enabled": true,
        "ssh_host": "prod.example.com",
        "ssh_user": "deploy",
        "local_port": 3307
      }
    }
  ]
}

Set environment variables (recommended):

export DB_PASSWORD_PRODUCTION_USER_DB="your_db_password"
export SSH_PASSWORD_PRODUCTION_USER_DB="your_ssh_password"

Usage

List Databases

python3 /usr/lib/node_modules/clawdbot/skills/db-query/scripts/db_query.py --list

Query a Database

python3 /usr/lib/node_modules/clawdbot/skills/db-query/scripts/db_query.py \
  --database "Production User DB" \
  --query "SELECT * FROM users LIMIT 10"

The script will:

  1. Find database by matching description in config
  2. Start SSH tunnel (if configured)
  3. Execute query
  4. Automatically close SSH tunnel (important for cleanup)

With Custom Config Path

python3 /usr/lib/node_modules/clawdbot/skills/db-query/scripts/db_query.py \
  --config /path/to/custom-config.json \
  --database "test" \
  --query "SHOW TABLES"

Requirements

  • MySQL client: apt install mysql-client or equivalent
  • SSH client: usually pre-installed on Linux/Mac
  • Python 3.6+

Notes

  • SSH tunnels are automatically closed after query execution
  • Use --list to see all configured databases and their descriptions
  • Database search is case-insensitive partial match on name field
  • Local ports for SSH tunnels should be unique per database
Usage Guidance
This skill appears to do what it claims (manage SSH tunnels and run MySQL queries). Before installing or using it: - Ensure the local mysql client and ssh are installed (and sshpass if you plan to use password-based SSH). The registry metadata does not declare these requirements, so install them manually if needed. - Prefer key-based SSH authentication rather than sshpass/SSH passwords; if you use passwords, be aware environment variables and process environments can be observable on some systems. - Verify the config file location (~/.config/clawdbot/db-config.json) and file permissions to protect stored secrets. The example encourages storing secrets in env vars rather than the file — follow that advice. - Note the script uses 'StrictHostKeyChecking=accept-new' which will automatically accept new host keys; if you need stricter host verification, edit the script or your SSH options. - Optionally review the included scripts/db_query.py yourself (it's small and readable) before use. The code contains no hidden network endpoints or exfiltration behavior, but it does invoke external programs (ssh, mysql) and will connect to whatever hosts are configured in your config file.
Capability Analysis
Type: OpenClaw Skill Name: db-query Version: 1.0.1 The skill is classified as suspicious primarily due to a critical SQL injection vulnerability in `scripts/db_query.py`. The `execute_mysql_query` function directly passes the user-provided `query` argument to the `mysql` client's `-e` flag without sanitization, allowing arbitrary SQL commands to be executed against configured databases. Additionally, the SSH tunnel setup uses `StrictHostKeyChecking=accept-new`, which weakens security by making the first connection vulnerable to Man-in-the-Middle attacks. While the `SKILL.md` instructions themselves do not contain malicious prompt injection, they direct the agent to use a script that is vulnerable to SQL injection via its `--query` argument.
Capability Assessment
Purpose & Capability
Name/description state: run MySQL queries with SSH tunnel management. The included script implements exactly that: reads a JSON config, optionally starts an SSH tunnel (ssh/sshpass), and runs the mysql client. No unrelated services or credentials are requested by the code.
Instruction Scope
SKILL.md and the script operate within expected scope: they read a single config file (default ~/.config/clawdbot/db-config.json), use environment variables for DB/SSH passwords, establish SSH tunnels, and invoke the local mysql client. The instructions do not ask the agent to read unrelated files, contact external endpoints other than SSH/mysql hosts, or collect extra system data. Note: the script prints examples and lists configured databases when the config is missing.
Install Mechanism
This is instruction-only (no install spec) which minimizes installer risk. However SKILL.md and INSTALL.md reference copying config from /usr/lib/node_modules/... and require local binaries (mysql client, ssh, optionally sshpass) even though the registry metadata lists 'required binaries: none'. That mismatch is a packaging/metadata omission you should be aware of — the tool will fail at runtime if mysql/ssh (and sshpass when using password-based SSH) are not installed.
Credentials
The script uses environment variables for credentials (DB_PASSWORD_<NAME>, SSH_PASSWORD_<NAME>) and sets MYSQL_PWD/SSHPASS only for subprocess execution. No other unrelated environment variables or cloud credentials are requested. Requiring secrets for the databases you're connecting to is proportional to the functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills' configurations. It runs only when invoked by the user/agent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install db-query
  3. After installation, invoke the skill by name or use /db-query
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Credentials are now handled via environment variables (`MYSQL_PWD`, `SSHPASS`) for increased security; passwords are no longer visible in process lists. - Strongly recommends storing database and SSH passwords in environment variables instead of the config file. - Updated documentation with usage examples for environment variables and changes to configuration best practices. - All existing functionality and usage remain unchanged.
v1.0.0
- Initial release of db-query skill. - Query project databases with automatic SSH tunnel management. - Uses a centralized config to manage multiple databases by name/description. - Automatically handles SSH tunnel setup and teardown before/after each query. - Allows listing databases and executing SQL queries from the command line. - Supports custom config file paths and partial name matching for database selection.
Metadata
Slug db-query
Version 1.0.1
License
All-time Installs 19
Active Installs 18
Total Versions 2
Frequently Asked Questions

What is MYSQL QUERY?

Query project databases with automatic SSH tunnel management. Use when you need to execute SQL queries against configured databases, especially those accessi... It is an AI Agent Skill for Claude Code / OpenClaw, with 3270 downloads so far.

How do I install MYSQL QUERY?

Run "/install db-query" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MYSQL QUERY free?

Yes, MYSQL QUERY is completely free (open-source). You can download, install and use it at no cost.

Which platforms does MYSQL QUERY support?

MYSQL QUERY is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MYSQL QUERY?

It is built and maintained by zenixp (@zenixp); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments