← 返回 Skills 市场
magicczc

SQL全生命周期审核

作者 magicCzc · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
50
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install dbskiter-db-sql-auditor
功能描述
SQL全生命周期审核,支持SQL规范审核、性能评估、DDL影响分析。 使用场景: - 用户说"审核SQL" → 执行 sql "<SQL>" - 用户说"检查规范" → 执行 sql "<SQL>" - 用户说"DDL影响" → 执行 ddl "<DDL>" - 用户说"查看规则" → 执行 rules 用法:...
使用说明 (SKILL.md)

SQL审核 Skill

何时使用

当用户提到以下关键词时,使用此skill:

用户说法 执行命令 说明
"审核SQL" dbskiter --output-mode=ai --database=\x3Cname> audit sql "\x3CSQL>" 审核单条SQL
"检查规范" dbskiter --output-mode=ai --database=\x3Cname> audit sql "\x3CSQL>" 检查SQL规范
"DDL影响" dbskiter --output-mode=ai --database=\x3Cname> audit ddl "\x3CDDL>" 分析DDL影响
"审核文件" dbskiter --output-mode=ai --database=\x3Cname> audit file \x3Cpath> 审核SQL文件
"查看规则" dbskiter --output-mode=ai --database=\x3Cname> audit rules 查看审核规则

核心命令

1. 审核SQL

dbskiter --database=\x3C数据库名> audit sql "SELECT * FROM users WHERE id = 1"

输出:审核评分、问题列表、修复建议

评分标准

  • 90-100:通过
  • 80-89:警告
  • \x3C80:不通过

2. DDL影响分析

dbskiter --database=\x3C数据库名> audit ddl "ALTER TABLE users ADD COLUMN age INT"

输出:预估执行时间、风险点、建议

3. 审核SQL文件

dbskiter --database=\x3C数据库名> audit file queries.sql

用途:批量审核多个SQL语句

4. 查看规则

dbskiter --database=\x3C数据库名> audit rules

输出:所有审核规则列表

核心命令(9个)

1. 审核SQL

dbskiter --database=\x3C数据库名> audit sql "SELECT * FROM users WHERE id = 1"

输出:审核评分、问题列表、修复建议

2. DDL影响分析

dbskiter --database=\x3C数据库名> audit ddl "ALTER TABLE users ADD COLUMN age INT"

输出:预估执行时间、风险点、建议

3. 审核SQL文件

dbskiter --database=\x3C数据库名> audit file queries.sql

用途:批量审核多个SQL语句

4. 查看规则

dbskiter --database=\x3C数据库名> audit rules

输出:所有审核规则列表

5. SQL优化

dbskiter --database=\x3C数据库名> audit optimize "SELECT * FROM users WHERE age > 18"

功能:智能优化SQL,提供重写建议、索引推荐、成本估算

6. 索引推荐

dbskiter --database=\x3C数据库名> audit recommend-indexes "SELECT * FROM orders WHERE user_id = 1"

功能:分析SQL并推荐合适的索引

7. 执行计划分析

dbskiter --database=\x3C数据库名> audit analyze-plan --plan="EXPLAIN输出"

功能:分析执行计划,识别性能瓶颈

8. 成本估算

dbskiter --database=\x3C数据库名> audit estimate-cost "SELECT * FROM users"

功能:估算SQL执行成本(IO、CPU、内存)

9. SQL重写

dbskiter --database=\x3C数据库名> audit rewrite "SELECT * FROM users WHERE id = 1"

功能:自动重写SQL,消除常见性能问题

审核类型

  • syntax:语法规范
  • performance:性能规范
  • security:安全规范
  • style:编码风格
  • ddl:DDL规范

AI决策流程

场景1:用户说"审核这条SQL"

步骤1:提取用户提供的SQL
步骤2:执行 dbskiter --database=\x3Cname> audit sql "\x3CSQL>"
步骤3:解读审核评分和问题列表
步骤4:给出修复建议

场景2:用户说"这个DDL有什么影响"

步骤1:提取DDL语句
步骤2:执行 dbskiter --database=\x3Cname> audit ddl "\x3CDDL>"
步骤3:解读影响分析结果
步骤4:给出执行建议(如低峰期执行)
安全使用建议
Before installing or enabling this skill: 1) Ask the author to declare required dependencies (explicitly list dbskiter as a required binary and its minimum version). 2) Require explicit documentation for how database connections/credentials are supplied (environment variables, config files, or an external connector) and ensure least-privilege credentials are used (read-only, limited-schema). 3) Verify dbskiter's provenance (official website/GitHub release) and review what data it sends off-host — confirm it doesn't exfiltrate data. 4) Be cautious about the 'audit file <path>' feature: it may cause the agent to read arbitrary local files; run initially in a sandbox or with non-sensitive sample files. 5) If you want to proceed safely, request an updated skill manifest that lists required binaries and required env vars or config paths; with that information the coherence and risk can be reassessed.
功能分析
Type: OpenClaw Skill Name: dbskiter-db-sql-auditor Version: 1.0.0 The skill bundle provides instructions for an AI agent to interface with a CLI tool named 'dbskiter' for SQL auditing, performance evaluation, and DDL impact analysis. The SKILL.md file outlines standard operational procedures for auditing SQL queries and files, with no evidence of malicious intent, data exfiltration, or prompt injection attacks designed to subvert the agent's behavior.
能力评估
Purpose & Capability
The skill is described as an SQL auditing tool and the SKILL.md repeatedly references the dbskiter CLI and appropriate audit/ddl/optimize commands — that aligns with the stated purpose. However, the manifest does not declare dbskiter as a required binary and gives no detail about how the CLI will authenticate to target databases (no required env vars/config paths). A legitimate SQL-audit skill would normally declare the CLI dependency and how to supply DB credentials or connection config.
Instruction Scope
Runtime instructions explicitly tell the agent to run dbskiter commands using a --database=<name> argument and to audit files by path. The SKILL.md assumes the existence of a working dbskiter installation and an accessible database connection but does not instruct how credentials or connection strings are provided or protected. That omission grants the agent broad implicit authority (it may end up accessing databases or local files) without declaring those requirements.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer or archive to review. This lowers install-time risk. However, the SKILL.md depends on an external CLI (dbskiter) that is neither provided nor declared.
Credentials
The skill requires connecting to databases (per the commands) but declares no required environment variables, primary credential, or config paths. That is disproportionate: database credentials/connection info are necessary for the described functionality and should be explicitly declared. The omission makes it unclear how secrets are supplied and handled.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but does not combine with other privilege escalations in the manifest.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install dbskiter-db-sql-auditor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /dbskiter-db-sql-auditor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Major change: Skill refocused from数据库诊断与优化 to SQL全生命周期审核。 - Skill renamed from db-diagnose to db-sql-auditor. - 功能由数据库性能与优化全面转向SQL规范审核、性能评估和DDL影响分析。 - 新增SQL审核、DDL影响、文件批量审核、审核规则查询、SQL优化、索引推荐、执行计划分析、成本估算、SQL重写等9大核心命令。 - 用法和触发场景调整为审核与规范相关诉求。 - 诊断、慢查询分析和性能瓶颈定位等功能已移除,专注于SQL标准化流程和优化建议。
元数据
Slug dbskiter-db-sql-auditor
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

SQL全生命周期审核 是什么?

SQL全生命周期审核,支持SQL规范审核、性能评估、DDL影响分析。 使用场景: - 用户说"审核SQL" → 执行 sql "<SQL>" - 用户说"检查规范" → 执行 sql "<SQL>" - 用户说"DDL影响" → 执行 ddl "<DDL>" - 用户说"查看规则" → 执行 rules 用法:... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 50 次。

如何安装 SQL全生命周期审核?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dbskiter-db-sql-auditor」即可一键安装,无需额外配置。

SQL全生命周期审核 是免费的吗?

是的,SQL全生命周期审核 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

SQL全生命周期审核 支持哪些平台?

SQL全生命周期审核 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 SQL全生命周期审核?

由 magicCzc(@magicczc)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论