← 返回 Skills 市场

GraphCare — Structural Database Health Scanner

Name: GraphCare — Structural Database Health Scanner
Author: nlr-ai

作者 NLR · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

151

总下载

当前安装

版本数

在 OpenClaw 中安装

/install graphcare

功能描述

Structural database health scanner. Audits schema topology for orphaned tables, missing indexes, nullable FKs, circular dependencies — without ever reading r...

使用说明 (SKILL.md)

GraphCare — Structural Database Health Scanner

The first structural antivirus for AI databases. Scans your schema topology for hidden problems — without ever touching your data.

Why

AI agents evolve schemas at speed. But nobody audits the structure. Over time:

Foreign keys lose their indexes (JOINs slow to a crawl)
Tables drift into isolation (orphaned, unreachable data)
Primary keys go missing (replication breaks, ORMs fail)
Nullable FKs create silent referential gaps
Circular dependencies make inserts impossible
Redundant indexes waste disk and slow writes

GraphCare catches all of this in one scan.

Zero-Trust by Design

GraphCare only queries metadata (information_schema, PRAGMA, pg_indexes). It is structurally impossible for it to read, leak, or mutate your row data.

READ-ONLY: Zero writes, zero mutations
NO ROW DATA: Only schema metadata is accessed
STATELESS: Memory purged after every scan

Setup

GraphCare is an MCP server. Add it to your MCP client config:

{
  "mcpServers": {
    "graphcare": {
      "command": "node",
      "args": ["/path/to/graphcare/index.js"]
    }
  }
}

Or run via Docker:

docker build -t graphcare .
docker run -i graphcare

Or install from npm:

npm install -g graphcare-mcp
graphcare-mcp

Tools

`audit_db_structure`

Full structural scan. Pass a connection string, get a complete health report.

Parameters:

connection_string (required) — Database URI: postgresql://, mysql://, sqlite:///path/to/db, or just file.db

Returns: JSON report with:

db_type — Database engine detected
tables[] — All tables found
findings[] — Each structural issue with type, severity, table, and message
metrics{} — Counts per finding type + computed health_score (0-100)

Example:

Use graphcare to audit my database at postgresql://localhost:5432/myapp

The agent calls audit_db_structure with the connection string and receives a structured JSON report.

`explain_finding`

Plain-language explanation of any finding type. Includes severity, impact, and recommended fix.

Parameters:

finding_type (required) — One of: orphaned_table, missing_fk_index, duplicate_index, nullable_fk, no_primary_key, circular_dependency
context (optional) — Table or column name for specific advice

What GraphCare Detects

Finding	Severity	Impact
Orphaned Tables	Warning	Structurally isolated dead weight
Missing FK Indexes	Critical	#1 cause of slow JOINs and DELETEs
No Primary Key	Critical	Breaks replication and ORMs
Nullable Foreign Keys	Warning	Hidden referential integrity gaps
Circular Dependencies	Warning	Makes clean inserts impossible
Duplicate Indexes	Info	Wasted disk, slower writes

Supported Databases

PostgreSQL — Full 6-finding detection via information_schema + pg_indexes
MySQL — Full detection via information_schema
SQLite — Full detection via sqlite_master + PRAGMA

Security

This tool runs read-only queries against database metadata catalogs only. It never executes SELECT on user tables, never writes, and holds no state between invocations. Connection strings are received via MCP JSON-RPC over stdin — never exposed in process listings.

Built by Mind Protocol.

安全使用建议

GraphCare appears to implement a schema-only audit and is internally consistent, but take these precautions before installing: 1) Prefer invoking audits by passing connection URIs over the MCP JSON-RPC (stdin) rather than as process args to avoid leaking URIs in process listings. 2) If you plan to audit SQLite files, realize sql.js/readFileSync will read the DB file from disk — review the code and consider running scans in an isolated environment if the DB contains sensitive row data. 3) The SKILL.md shows Docker-based installation but no Dockerfile is included; follow safe install practices (review package.json and package-lock, install dependencies from their registries, run in a sandbox or container you control). 4) If you need higher assurance, request the full (untruncated) index.js for manual review or run the tool against a non-production snapshot first. Overall the skill looks coherent with its stated purpose, but validate how you supply connection strings and where you run it.

功能分析

Type: OpenClaw Skill Name: graphcare Version: 1.0.0 The GraphCare skill bundle is a database schema auditor that identifies structural issues like missing indexes and circular dependencies. Analysis of 'index.js' confirms it only queries database metadata (e.g., information_schema, PRAGMA) and does not access row data or exfiltrate credentials. The implementation aligns with the stated purpose in 'SKILL.md' and lacks any indicators of malicious intent, unauthorized network calls, or prompt-injection attacks.

能力评估

✓ Purpose & Capability

Name/description claim a read-only schema auditor for Postgres/MySQL/SQLite. The code imports pg, mysql2, and sql.js and issues metadata queries (information_schema, pg_indexes, PRAGMA) consistent with the stated capability. Required binary is only node; no unrelated credentials or external endpoints are requested.

ℹ Instruction Scope

SKILL.md and index.js describe only metadata queries and JSON-RPC receipt of connection strings via stdin. The Postgres adapter shown issues only information_schema/pg_indexes/pg_index queries (metadata-only). However: index.js imports readFileSync and sql.js (likely used for SQLite). Reading a SQLite file with sql.js necessarily reads the DB file into memory — even if only metadata queries are executed, that process touches the file on disk. Also SKILL.md asserts connection strings are 'never exposed in process listings' (true if delivered via stdin/JSON-RPC), but that guarantee depends on how the MCP runtime is configured (if someone passes connection URIs as process args, they could appear in ps). Finally, SKILL.md suggests Docker usage but no Dockerfile is present in the provided files (inconsistency).

✓ Install Mechanism

There is no install spec in the registry bundle (instruction-only), but a package.json and package-lock are included so the tool is intended to be run with node and standard npm dependencies. Dependencies are typical for an MCP server that speaks to databases (@modelcontextprotocol/sdk, pg, mysql2, sql.js). No remote arbitrary downloads or suspicious install URLs were present in the bundle.

✓ Credentials

The skill requests no environment variables or credentials. That matches its stated purpose: it operates on a connection string supplied at runtime. There are no requests for unrelated secrets or config paths.

✓ Persistence & Privilege

Flags show always:false and no claims of permanently altering agent/system configuration. The code asserts 'STATELESS' and the package manifest does not request escalated privileges; nothing in the bundle suggests persistent presence or modification of other skills.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install graphcare
安装完成后，直接呼叫该 Skill 的名称或使用 /graphcare 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

GraphCare 1.0.0 — Initial Release - Launches a structural database health scanner for PostgreSQL, MySQL, and SQLite - Detects orphaned tables, missing indexes on foreign keys, nullable foreign keys, circular dependencies, and more - Scans schema topology only—never reads, writes, or mutates row data - Provides detailed JSON health reports and plain-language finding explanations - Usable via MCP server, Docker, or npm CLI - Fully read-only and stateless by design

元数据

Slug graphcare

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题