← 返回 Skills 市场
database-admin
作者
ericyang1234
· GitHub ↗
· v2.0.0
· MIT-0
753
总下载
0
收藏
4
当前安装
3
版本数
在 OpenClaw 中安装
/install database-admin
功能描述
提供数据库表结构设计、数据批量操作、复杂查询优化、类型处理及事务安全的全面数据库管理服务。
使用说明 (SKILL.md)
数据库管理员 Database Admin 📜
"先严父后慈" —— 杜子美
本技能提供全面的数据库管理功能,包括表结构创建、数据操作、查询优化、类型处理(如 BIGINT)等。所有操作均遵循 SQL 最佳实践和事务安全原则。
核心能力
🔹 表结构设计
- 自动设计最优表结构(主键、索引、约束)
- 支持多种数据类型(TEXT、VARCHAR、BIGINT、UUID、JSONB、ENUM)
- 自动创建适当的索引以提高查询性能
- 设置外键约束和检查约束
- 处理 NULL 值和默认值策略
🔹 数据插入
- 批量插入大量数据(使用事务优化)
- 处理 BIGINT 等大数类型数据
- 验证数据类型兼容性
- 避免主键冲突和外键违规
🔹 查询优化
- 编写高效的 JOIN 查询
- 聚合统计和分析查询
- 子查询和 CTE 的使用
- 执行计划分析和优化建议
🔹 数据库维护
- CREATE TABLE、ALTER TABLE、DROP TABLE
- INDEX 创建和 DROP INDEX
- TRUNCATE 清空表(保留结构)
- VACUUM 分析表
- 备份和恢复操作
使用场景
当你需要以下操作时,请触发此技能:
- "创建一个用户表,包含用户名、邮箱、注册时间"
- "向 products 表中插入这些商品数据..."
- "查询所有销售额超过 10 万元的订单"
- "为 orders 表的 customer_id 创建索引"
- "将 text_column 从 TEXT 转换为 VARCHAR(255)"
- "批量导入 10 万条记录,使用事务优化"
- "修复 BIGINT 类型数据溢出问题"
技术细节
本技能在幕后会使用:
- 驱动:
pg(PostgreSQL) - 连接池:
pgpool管理并发连接 - 批量插入: 使用 COPY 或批量 INSERT 优化性能
- 事务控制: 自动开启/提交事务,保证 ACID 属性
- 错误处理: 捕获并报告约束违规、类型不匹配等
数据库配置(roadflow)
- 主机: 192.168.1.136
- 端口: 35438
- 用户: postgres
- 密码: Hxkj510510
- 目标库: roadflow
示例用法
创建表
创建一个库存表 stock_info,包含:
- id (SERIAL PRIMARY KEY)
- product_name (VARCHAR(100))
- quantity (INT)
- price (DECIMAL(10,2))
- created_at (TIMESTAMP)
- 为 product_name 创建索引
插入数据
向 stock_info 表插入以下商品:
[{product_name: "苹果", quantity: 100, price: 8.5}, ...]
查询统计
计算每个类别的商品平均价格
WHERE quantity > 50
GROUP BY category
ORDER BY avg_price DESC
技能由杜甫(📜)编写,秉承"致君尧舜上,再使风俗淳"的务实精神
安全使用建议
Key points to consider before installing or running: (1) The code and SKILL.md include an explicit DB host, database name and a hard-coded password (192.168.1.136:35438, roadflow, user postgres, password Hxkj510510). Metadata declares no required credentials — this is inconsistent. Treat those embedded credentials as sensitive and verify their origin and validity. (2) Many scripts perform destructive operations (ALTER, DROP, TRUNCATE, bulk INSERT, schema migrations) and cleanup of backup directories; do not run against production systems without code review and backups. (3) Several SQL statements are built by concatenating strings (risk of SQL injection); prefer parameterized queries. (4) Run the skill only in an isolated test environment first, audit all scripts, remove or replace any hard-coded credentials with environment variables, and confirm the intended target (this may be designed for a private internal DB). (5) If you do not recognize the provided host/credentials or do not have permission to access that database, do not execute these scripts. If you need this functionality, request a variant that reads DB connection info from validated env vars and includes safety confirmations/prompts before destructive actions.
功能分析
Type: OpenClaw Skill
Name: database-admin
Version: 2.0.0
The skill bundle contains hardcoded database credentials (IP 192.168.1.136, user 'postgres', password 'Hxkj510510') and scripts specifically targeting sensitive HR, payroll, and attendance data (query_kaoqin_forms.js). Additionally, almost all utility scripts, including create_table.js, query_helper.js, and schema_migrate.js, contain critical SQL injection vulnerabilities due to direct string concatenation of parameters into SQL queries. While these functions are consistent with the stated 'Database Admin' purpose, the combination of exposed credentials and lack of input sanitization poses a high risk of unauthorized data access or manipulation.
能力评估
Purpose & Capability
The files and SKILL.md implement the advertised DB-admin capabilities (create/alter tables, bulk insert, backup/restore, query optimization). However the package metadata claims no required credentials or config, while multiple scripts hard-code a specific DB host, port, user, database and password (192.168.1.136:35438, postgres/Hxkj510510, db roadflow). That mismatch (no declared env/credentials but embedded secrets) is incoherent and unexpected.
Instruction Scope
SKILL.md and scripts instruct operations that can modify or delete production data (CREATE/DROP/ALTER/TRUNCATE, bulk inserts, migrations, backups and cleanup of backup directories). Several scripts build SQL via string concatenation (no parameterization) and some will remove files from backup dirs. The runtime instructions do not require explicit confirmation or a declared safe sandbox — they contain connection info and examples that point at a specific target DB.
Install Mechanism
No install spec (instruction-only) reduces installer-level risk, but the skill bundle includes runnable Node.js scripts. There is no package install step, but if the agent or user runs the included scripts they will execute network and filesystem actions. package.json references a main script (scripts/index.js) that is not present (minor inconsistency).
Credentials
Declared requirements list no env vars or credentials, yet many files embed cleartext DB credentials and a specific host. Some scripts can fall back to environment variables, but multiple important scripts ignore env vars and use the hard-coded credentials. Requiring no secrets in metadata while shipping hard-coded secrets is disproportionate and risky.
Persistence & Privilege
The skill does not request platform-wide privileges (always:false) and does not modify other skills' configuration. Its actions are limited to the database and local backup paths referenced in scripts, which is appropriate for a DB-admin tool — but the combination with hard-coded credentials increases potential blast radius if those credentials are valid.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install database-admin - 安装完成后,直接呼叫该 Skill 的名称或使用
/database-admin触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Version 2.0.0
- Updated dependencies in package.json.
- No changes to functionality or documentation.
v1.1.0
- Added new file: package.json to the project.
- No changes made to functionality or documentation content.
- Version incremented to 1.1.0.
v1.0.0
- Initial release of the database-admin skill.
- Provides comprehensive database administration: schema management, data operations, performance optimization, and error handling.
- Supports advanced features including transaction safety, bulk insertions, indexing, JOIN/aggregation queries, and special data types like BIGINT and JSONB.
- Includes capabilities for backup, restore, migration, and debugging common database issues.
- Documentation and usage examples provided in Chinese for quick reference.
元数据
常见问题
database-admin 是什么?
提供数据库表结构设计、数据批量操作、复杂查询优化、类型处理及事务安全的全面数据库管理服务。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 753 次。
如何安装 database-admin?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install database-admin」即可一键安装,无需额外配置。
database-admin 是免费的吗?
是的,database-admin 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
database-admin 支持哪些平台?
database-admin 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 database-admin?
由 ericyang1234(@ericyang1234)开发并维护,当前版本 v2.0.0。
推荐 Skills