dbdoctor-tools

Name: dbdoctor-tools
Author: dbdoctor-das

功能描述

DBdoctor database performance diagnosis platform tools. Invoke when user needs to query database instances, slow SQL, inspection reports, performance metrics...

使用说明 (SKILL.md)

Quick Start Examples

Scenario 1: Diagnose Instance Performance Issues (Recommended)

# 1. Get tenant and project
python scripts/get_current_user.py --extract

# 2. Get instance list
python scripts/get_instance.py --tenant [tenant] --project [project]

# 3. Execute comprehensive performance diagnosis (last 1 hour)
python scripts/performance_diagnosis.py --instance-id [instance_id] --start-time [start_ts] --end-time [end_ts]

Scenario 2: Execute Instance Inspection

# 1. Get tenant and project of the instance
python scripts/get_instance.py

# 2. Execute inspection
python scripts/do_inspect_instance.py --instance-id [instance_id] --tenant [tenant] --project [project]

# 3. Get inspection report
python scripts/get_recent_inspect_report.py --instance-id [instance_id] --start-time [start] --end-time [end] --tenant [tenant] --project [project]

Scenario 3: SQL Optimization

# 1. Get slow SQL list
python scripts/get_slow_sql.py --instance-id [instance_id] --start-time [start] --end-time [end]

# 2. Audit slow SQL
python scripts/sql_audit.py --instance-id [instance_id] --database [db] --schema [schema] --sql "[sql]"

# 3. Use AI to rewrite SQL (optional)
python scripts/ai_sql_rewrite.py --instance-id [instance_id] --database [db] --schema [schema] --sql "[sql]"

Security

Credential Management

This skill supports two authentication modes:

Mode 1 - Password login (企业版（免费试用）): Requires DBDOCTOR_URL, DBDOCTOR_USER, DBDOCTOR_PASSWORD.
Mode 2 - Email verification code login (免费版（永久免费）, Windows/Mac): Requires DBDOCTOR_URL, DBDOCTOR_EMAIL. When a verification code is needed, the user will be prompted interactively.

If DBDOCTOR_EMAIL is configured, email mode takes precedence.

Credentials are managed by the platform and injected as environment variables at runtime. This skill does not write credentials to disk. The .token_cache file (API session token only) is the only file persisted locally and is listed in .gitignore.

Privileged Operations

Two tools perform write operations that require operator care:

execute_sql: Executes arbitrary SQL on the target database. Review all SQL statements before execution. The tool does not enforce read-only restrictions.
manage_instance: Registers new database instances to the platform. Verify all connection parameters (IP, port, credentials) before execution.

All other tools are read-only queries against the DBdoctor API.

Authentication Mechanism

The program supports two login methods:

Password mode: Reads username/password from environment variables, AES-encrypts the password, and calls /nephele/login to obtain a Token.
Email mode: Sends a verification code to the configured email via /drapi/user/verificationCode, prompts the user to enter the code, AES-encrypts it, and calls /nephele/login with authType=authCode.

Token is cached in .token_cache. When the token expires, the system automatically re-authenticates (password mode is silent; email mode prompts for a new verification code). No manual auth management is required.

Configuration

Set the following environment variables based on your login mode:

Variable	Description	Required
DBDOCTOR_URL	DBdoctor API base URL (e.g. `http://host:port`)	Always
DBDOCTOR_USER	Login username (also used as UserId)	Password mode only
DBDOCTOR_PASSWORD	Login password (sensitive)	Password mode only
DBDOCTOR_EMAIL	Login email for verification code	Email mode only

Note: If DBDOCTOR_EMAIL is set, email verification code mode is used. Otherwise, username/password mode is used.

Mode 1: Password login (企业版（免费试用）)

# CLI configuration (recommended)
clawdbot skills config dbdoctor-tools DBDOCTOR_URL "http://[host]:[port]"
clawdbot skills config dbdoctor-tools DBDOCTOR_USER "[username]"
clawdbot skills config dbdoctor-tools DBDOCTOR_PASSWORD "[password]"

Mode 2: Email verification code login (免费版（永久免费）)

# CLI configuration (recommended)
clawdbot skills config dbdoctor-tools DBDOCTOR_URL "http://[host]:[port]"
clawdbot skills config dbdoctor-tools DBDOCTOR_EMAIL "[email]"

Manual configuration

Edit ~/.clawdbot/clawdbot.json:

{
  skills: {
    entries: {
      "dbdoctor-tools": {
        env: {
          // Mode 1: Password login
          DBDOCTOR_URL: "http://[host]:[port]",
          DBDOCTOR_USER: "[username]",
          DBDOCTOR_PASSWORD: "[password]"

          // Mode 2: Email login (use this instead of USER/PASSWORD)
          // DBDOCTOR_URL: "http://[host]:[port]",
          // DBDOCTOR_EMAIL: "[email]"
        }
      }
    }
  }
}

System environment variables

# Linux / Mac - Password mode
export DBDOCTOR_URL="http://[host]:[port]"
export DBDOCTOR_USER="[username]"
export DBDOCTOR_PASSWORD="[password]"

# Linux / Mac - Email mode
export DBDOCTOR_URL="http://[host]:[port]"
export DBDOCTOR_EMAIL="[email]"

# Windows PowerShell - Password mode
$env:DBDOCTOR_URL="http://[host]:[port]"
$env:DBDOCTOR_USER="[username]"
$env:DBDOCTOR_PASSWORD="[password]"

# Windows PowerShell - Email mode
$env:DBDOCTOR_URL="http://[host]:[port]"
$env:DBDOCTOR_EMAIL="[email]"

Install Dependencies

pip install -r requirements.txt

Dependencies: requests, pycryptodome, python-dotenv

Instance Information Retrieval Guidelines

Important: When tenant and project information is needed, it must be dynamically retrieved through tools, and is prohibited from being extracted directly from user input.

Strictly prohibited from fabricating tenant and project information

Method 1: Retrieve via get_current_user (Recommended)

1. Call get_current_user --extract to get all tenants and projects
2. Select target tenant and project
3. Call get_instance --tenant xxx --project yyy
4. Select target instance and execute other operations

Method 2: Retrieve via get_instance (Recommended)

1. Call get_instance to query all instances (no parameters needed)
2. Find target instance from returned data
3. Extract tenant and project from instance data

API Usage Constraints

Strictly prohibited from calling interfaces not defined in this document

Only use tools and interfaces listed in the API Reference
Prohibited from fabricating or inferring interface paths
Prohibited from calling interfaces of other systems or services

Tool Combination Patterns

Pattern 1: Performance Diagnosis Workflow (Most Common)

get_current_user --extract
        |
get_instance --tenant xxx --project yyy
        |
performance_diagnosis --instance-id xxx --start-time t1 --end-time t2
        |
[Based on diagnosis results]
    - Many slow SQLs -> sql_audit / ai_sql_rewrite
    - Resource bottleneck -> get_host_resource_info / get_basic_monitor_info
    - High active sessions -> get_aas_info / get_current_process

Pattern 2: Instance Inspection Workflow

get_instance -> do_inspect_instance -> get_recent_inspect_report

Pattern 3: SQL Optimization Workflow

get_slow_sql / get_related_sql_info -> sql_audit -> ai_sql_rewrite (if needed)

Pattern 4: New Instance Registration Workflow

get_current_user --extract -> manage_instance -> get_instance (confirm)

Information Collection Matrix

Task Type	Required Information	Collection Strategy	Notes
Query Instance	None	Call tool directly	Get instance list and tenant/project
Instance Inspection	Instance ID	Check -> Ask -> Call	tenant/project via get_instance
Performance Diagnosis	Instance ID + Time Range	Check -> Ask -> Call	tenant/project via get_instance
View Data	Instance ID	Check -> Ask -> Call	tenant/project via get_instance

For detailed processing strategies, decision trees and rules: reference/agent_guidelines.md

Tool API Reference

For complete API documentation with parameters, examples, and related pages, see: reference/api_reference.md

Quick Reference: Parameter Requirements Summary

Tool	Required Parameters
get_instance	None (returns all instances)
get_current_user	None (get current user tenant-project info)
get_instance_abnormal	--instance-id
get_database_by_instance	--instance-id
manage_instance	--ip, --port, --engine, --db-user, --db-password, --db-version, --tenant, --project
get_slow_sql	--instance-id, --start-time, --end-time
get_table_ddl	--instance-id, --database, --schema, --table
execute_sql	--instance-id, --database, --schema, --sql, --engine, --tenant, --project
sql_audit	--instance-id, --database, --schema, --sql
get_sql_audit_rules	--engine (optional), --priority (optional)
do_inspect_instance	--instance-id, --tenant (optional), --project (optional)
get_recent_inspect_report	--instance-id, --start-time, --end-time, --tenant, --project
get_inspect_item	None
get_current_process	--instance-id
alert_message	--status (optional), --priority (optional), --instance-ip (optional)
performance_diagnosis	--instance-id, --start-time, --end-time (comprehensive, recommended)
get_basic_monitor_info	--instance-id, --start-time, --end-time
get_host_resource_info	--instance-id, --start-time, --end-time
get_db_parameter_info	--instance-id
get_aas_info	--instance-id, --start-time, --end-time
get_related_sql_info	--instance-id, --start-time, --end-time
get_instance_info	--instance-id
get_slow_sql_by_time	--instance-id, --start-time, --end-time
ai_sql_rewrite	--instance-id, --database, --schema, --sql
get_sql_rewrite_result	--task-id

Notes

Timestamps: Time range parameters use Unix timestamps (seconds), not milliseconds
Schema: For MySQL, schema name equals database name
Engine Types: mysql, oracle, postgresql, dm (Dameng), sqlserver, oracle-rac
SQL Parameter: When --sql contains spaces or special characters, wrap in quotes
tenant/project: Must be obtained via get_instance — never fabricate or extract from user input
Time Range Default: Alert queries default to last 2 hours if not specified
Performance Diagnosis: Recommended time ranges: last 1h, 6h, or 24h

Reference Document Index

reference/api_reference.md - Complete Tool API Reference (parameters, examples, related pages)
reference/performance_diagnosis_guide.md - Performance Diagnosis Knowledge Base
reference/best_practices.md - Best Practices Guide
reference/audit_and_inspection_rules.md - SQL Audit Rules and Inspection Rules
reference/troubleshooting.md - Common Issues and Solutions
reference/agent_guidelines.md - Agent Processing Strategies and Decision Guidelines

安全使用建议

This package appears to be the real DBdoctor CLI-style toolkit, but there are a few red flags you should address before installing: - Provide required credentials only after confirming which login mode you'll use: the package actually needs DBDOCTOR_URL plus either DBDOCTOR_USER+DBDOCTOR_PASSWORD (password mode) or DBDOCTOR_EMAIL (email mode). Registry metadata listing only DBDOCTOR_URL is inaccurate. Expect interactive prompts if using email mode. - Review and accept that two scripts are privileged: execute_sql (runs arbitrary SQL) and manage_instance (registers DB instances). Do not run those against production systems without review and proper credentials/approvals. - The HTTP client disables TLS verification (requests with verify=False). That makes network traffic vulnerable to MITM; prefer configuring a secure endpoint (https with valid certs) or patching the code to enable verification. - The tool caches a session token to .token_cache in the package directory. If that file or directory is shared, consider its permissions or clear it after use. - The code contains embedded static AES keys used for compatibility/legacy decryption; while used for convenience, embedded keys reduce secrecy and warrant caution with where you run this tool and what secrets you supply. - The pre-scan flagged a base64 block in SKILL.md. Inspect the SKILL.md and any embedded content for hidden instructions or data before trusting the package. If you proceed: run it in an isolated/sandbox environment first, inspect the scripts you intend to use (especially execute_sql/manage_instance), and only supply credentials that are scoped/limited for testing. If you need higher confidence, ask the publisher for clarification on required env vars, the base64 content, and whether verify=False can be changed to verify TLS certificates.

功能分析

Type: OpenClaw Skill Name: dbdoctor-tools Version: 1.0.5 The skill bundle provides a comprehensive integration for the DBdoctor database performance platform, but includes high-risk capabilities such as executing arbitrary SQL (execute_sql.py) and registering new database instances with credentials (manage_instance.py). While these tools are aligned with the stated purpose of database diagnosis and management, they lack input sanitization and represent a significant attack surface for prompt injection. The code also contains hardcoded cryptographic keys in common/auth.py and common/config.py for API communication and legacy configuration decryption. Although the documentation in SKILL.md and agent_guidelines.md includes safety instructions, the inherent power of the tools to perform unconstrained database operations warrants a suspicious classification.

能力标签

cryptorequires-oauth-token

能力评估

⚠ Purpose & Capability

The code and SKILL.md broadly match the stated purpose (database diagnosis, slow-SQL, audits, instance management). However the registry metadata lists only DBDOCTOR_URL as required, while SKILL.md and common/config.py require additional credentials (DBDOCTOR_USER/DBDOCTOR_PASSWORD for password mode or DBDOCTOR_EMAIL for email mode). That mismatch is incoherent and will cause runtime failures or unexpected prompts unless those extra env vars are provided.

⚠ Instruction Scope

Runtime instructions and the included scripts call the DBdoctor API and perform both read-only queries and privileged write actions (execute_sql, manage_instance). The code: - reads a local .env in the package directory as a legacy fallback, - prompts interactively for email verification codes (not suitable for non-interactive/autonomous runs), - caches session tokens to a .token_cache file, and - disables TLS verification on HTTP requests (requests.* verify=False). None of these are out-of-purpose, but the interactive prompt, token persistence, and unverified HTTPS requests expand the operational scope and risk and should be reviewed.

✓ Install Mechanism

There is no external download/install spec; the skill is bundled as code with a requirements.txt (requests, pycryptodome, python-dotenv). Dependencies are standard and expected for the functionality. No remote arbitrary download URLs or extract steps were found.

⚠ Credentials

The registry declares only DBDOCTOR_URL required, but the SKILL.md and code legitimately require sensitive environment variables for operation (DBDOCTOR_USER and DBDOCTOR_PASSWORD for password mode, or DBDOCTOR_EMAIL for email-login). The skill will store a session token in .token_cache. The code also embeds static AES keys for encryption/decryption of credentials/legacy storage; while explainable for compatibility, embedded keys increase attack surface. Requiring plaintext DB credentials for manage_instance and allowing execute_sql (which can run arbitrary SQL) are expected but high-privilege and must be considered proportionally.

ℹ Persistence & Privilege

The skill does not set always: true and does not alter other skills. It persists an API session token to .token_cache in the package directory. That persistence is limited but means tokens survive runs; token caching and automatic re-login are normal for convenience but you should be aware of where the token is stored and who can read it.

版本历史

v1.0.5

- Documentation updated to clarify authentication mode names: Password login now labeled as 企业版（免费试用）, Email verification code login as 免费版（永久免费）. - Login mode descriptions updated for improved clarity and to better distinguish between paid trial and free versions. - No functional or behavioral changes to the skill; only documentation (SKILL.md) was changed.

v1.0.4

- Added support for email verification code login mode alongside original username/password authentication. - Updated documentation to explain dual login modes, required environment variables for each, and corresponding configuration instructions. - Described new authentication behavior: prompts for email verification code if DBDOCTOR_EMAIL is set; otherwise, uses password. - Clarified that token caching and automatic re-authentication works in both modes. - No core tool APIs or workflows were changed.

v1.0.3

Version 1.1.0 (Changelog): - Added detailed API documentation at reference/api_reference.md. - Enhanced security: credentials are now managed strictly via environment variables; they are never written to disk. - Updated configuration instructions for modern CLI, JSON, and environment variable management. - Streamlined and clarified all tool usage guides for instance/tenant/project selection. - Improved documentation structure, including guidance for safe use of write operations.

v1.0.2

- Removed .env, package-lock.json, and requirements.txt from the repository. - Updated documentation to clarify that plaintext passwords in .env files are automatically converted to AES-encrypted format (prefixed with ENC:) on first load. - No functional or API changes; these are documentation and file cleanup updates.

v1.0.1

- Initial release of dbdoctor-tools version 1.0.1. - Added 31 files including Python compiled files and support scripts for instance diagnostics, SQL optimization, and monitoring. - Supports automatic, interactive environment configuration on first use, with fallback to `.env` file or system environment variables. - Provides scripts for key database diagnosis workflows: performance analysis, slow SQL audit and rewrite, inspection, and instance registration. - Enhanced user guidance and usage constraints documented in SKILL.md, including clear step-by-step quick start and environment setup instructions.

v1.0.0

Initial release of dbdoctor-tools skill. - Provides Python scripts for DBDoctor database performance diagnosis and SQL optimization workflows. - Supports automatic environment configuration on first use, with interactive setup prompts. - Includes tools for querying database instances, diagnosing performance, inspecting instances, and auditing/rewriting SQL. - Tenant and project info must always be retrieved via official tools; manual/fabricated values are prohibited. - All tool APIs and usage patterns are documented with example workflows for common scenarios.

元数据

Slug dbdoctor-tools

版本 1.0.5

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 6

常见问题

dbdoctor-tools 是什么？

DBdoctor database performance diagnosis platform tools. Invoke when user needs to query database instances, slow SQL, inspection reports, performance metrics... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 212 次。

如何安装 dbdoctor-tools？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dbdoctor-tools」即可一键安装，无需额外配置。

dbdoctor-tools 是免费的吗？

是的，dbdoctor-tools 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

dbdoctor-tools 支持哪些平台？

dbdoctor-tools 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 dbdoctor-tools？

由 DBdoctor-DAS（@dbdoctor-das）开发并维护，当前版本 v1.0.5。