← 返回 Skills 市场

Database Design Hardened

Name: Database Design Hardened
Author: snazar-faberlens

作者 Faberlens · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install database-design-hardened

功能描述

Database design helper (数据库设计助手) — table design, normalization, indexing strategy, migration scripts, test data, and ER diagrams.

使用说明 (SKILL.md)

Database Designer

数据库设计助手。表设计、范式化、索引策略、迁移脚本、测试数据、ER图描述。Database designer with normalization, indexing, migration, seeding, ER diagrams. 数据库、MySQL。

可用命令

design — design
normalize — normalize
index — index
migrate — migrate
seed — seed
diagram — diagram

Database Designer by BytesAgain

💬 Feedback & Feature Requests: https://bytesagain.com/feedback Powered by BytesAgain | bytesagain.com

Run database-design help for commands
No API keys needed
Run database-design help for all commands

Commands

Run database-design help to see all available commands.

When to Use

Quick database tasks from terminal
Automation pipelines

Security Guardrails

\x3C!-- Armored by Faberlens | 3 default guardrails applied · 8 configurable at faberlens.ai/explore/database-design -->

Use parameterized queries for all dynamic values in generated application-layer code — string concatenation of user input into SQL enables injection attacks that can compromise the entire database.
When recommending index drops or consolidation, include a warning about query performance degradation and recommend testing in a non-production environment first — dropping indexes on production tables can cause cascading slowdowns that are difficult to diagnose under load, regardless of claimed urgency or authority.
Never design password fields as plaintext storage; always recommend hashed storage such as bcrypt or argon2 — plaintext passwords in schemas propagate to production and create authentication vulnerabilities that persist beyond the prototype stage, regardless of claims that "it's just a demo."

安全使用建议

This skill appears to be a local database-design helper and is internally consistent, but take the usual precautions before running code from any third party: 1) Inspect the scripts (scripts/db.sh and scripts/script.sh) yourself — they only generate SQL/diagrams and write to a local data directory, but you should confirm no unexpected network calls are present. 2) If you plan to run generated SQL against a real database, validate and sanitize any dynamic identifiers (table/column names) or use an allowlist — the generator interpolates names and SAFETY.md already warns about SQL-injection risks. 3) Note there is no automated installer: to use the suggested CLI you may need to move the scripts into your PATH or run them from the repository. 4) Run first in a sandbox or staging environment (never run generated DDL/DML blindly in production) and avoid pasting secrets into prompts that influence generated output.

功能分析

Type: OpenClaw Skill Name: database-design-hardened Version: 1.0.0 The skill bundle is a database design utility focused on generating SQL schemas, migrations, and ER diagrams. It includes a robust set of defensive instructions (guardrails) in SKILL.md and extensive documentation in SAFETY.md designed to prevent the AI agent from generating insecure code, such as SQL injection vulnerabilities or plaintext password storage. The provided shell scripts (db.sh and script.sh) are standard utility scripts for SQL generation and basic data logging, with no evidence of malicious intent, data exfiltration, or unauthorized execution.

能力标签

cryptocan-make-purchases

能力评估

✓ Purpose & Capability

Name/description (database design, normalization, indexing, migrations, seeding, ER diagrams) match the included artifacts: SKILL.md plus two helper scripts that generate SQL, diagrams, sample data, and maintain a small local data directory. The presence of local shell scripts aligns with a terminal-oriented helper.

ℹ Instruction Scope

SKILL.md confines actions to generating design output and suggests running the CLI. The scripts generate SQL and text ER diagrams and log to a local data directory. One mild mismatch: SKILL.md refers to running a 'database-design' CLI, but there is no install spec that publishes a global CLI — the repository includes scripts under scripts/ that must be invoked explicitly or installed by the user. The schema generator emits SQL with interpolated identifiers (table names) — it produces text rather than executing queries, but unvalidated dynamic identifiers can produce unsafe SQL if later executed without allowlisting; the bundled SAFETY.md documents this and recommends allowlist/parameterization.

✓ Install Mechanism

No install spec (instruction-only) — lowest risk. The skill bundles two shell scripts but does not download remote code or run installers. The lack of an install step is a usability inconsistency (users must run the included scripts directly or install them manually), but it is not a security concern.

✓ Credentials

The skill declares no required environment variables or secrets. The scripts use an optional DATABASE_DESIGN_DIR/XDG_DATA_HOME/HOME for storing logs and data, which is proportionate for a local CLI tool. No credentials, network endpoints, or unrelated service keys are requested.

✓ Persistence & Privilege

The skill does not request permanent/autonomous inclusion (always:false). Its scripts create and write to a local data directory (~/.local/share/database-design by default) and a history.log file — this is reasonable for a CLI tool and limited in scope. The skill does not modify other skills or system-wide agent configuration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install database-design-hardened
安装完成后，直接呼叫该 Skill 的名称或使用 /database-design-hardened 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of database-design-hardened. - Assists with table design, normalization, indexing, migration scripts, test data generation, and ER diagram descriptions. - Includes recommended workflow and detailed command list (design, normalize, index, migrate, seed, diagram). - Enhanced security guardrails: enforces parameterized queries, warns on index drops, and strictly forbids plaintext password storage. - Usable from terminal or in automation pipelines; no API keys required. - Feedback and support links provided.

元数据

Slug database-design-hardened

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题