← 返回 Skills 市场
209
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install mssql
功能描述
Execute SQL Server queries and export results as delimiter-separated text. Use when the user asks to fetch, insert, update, or manage data in Microsoft SQL S...
使用说明 (SKILL.md)
MSSQL
Run SQL Server queries using scripts/mssql_query.sh.
Quick start
- Ensure credentials exist at:
~/.openclaw/credentials/mssql.env - Run a query:
bash skills/mssql/scripts/mssql_query.sh --query "SELECT TOP 20 name FROM sys.tables" - Save to file:
bash skills/mssql/scripts/mssql_query.sh --query "SELECT TOP 100 * FROM dbo.MyTable" --out /tmp/mytable.dsv
Credentials format
Expected env vars in ~/.openclaw/credentials/mssql.env:
MSSQL_HOSTMSSQL_DBMSSQL_USERMSSQL_PASSWORD- Optional:
MSSQL_PORT(default1433),MSSQL_ENCRYPT(yes/no, defaultyes),MSSQL_TRUST_CERT(yes/no, defaultno),SQLCMD_BIN
The credential file path can be overridden with the MSSQL_ENV_FILE environment variable.
Permissions
Query permissions are controlled entirely at the SQL Server user level. The script does not impose any restrictions on query type — the database user's grants determine what is allowed.
Database reference map
Place your database map at references/DB_MAP.md inside this skill folder. This file tells the agent which databases, schemas, and tables to use and how they relate to each other.
See references/DB_MAP.example.md for the expected format.
Useful patterns
- Run long query from file:
bash skills/mssql/scripts/mssql_query.sh --file /path/query.sql --out /tmp/out.dsv - Override database:
bash skills/mssql/scripts/mssql_query.sh --db OtherDB --query "SELECT TOP 10 * FROM dbo.Users" - Change delimiter:
bash skills/mssql/scripts/mssql_query.sh --query "SELECT ..." --delim "," - Increase timeout:
bash skills/mssql/scripts/mssql_query.sh --query "SELECT ..." --timeout 180
Output format
Output is delimiter-separated text, not RFC 4180 CSV. Fields are not quoted or escaped. This works well for structured numeric and short-text data. If your columns contain embedded delimiters, quotes, or newlines, the output may be malformed — choose a delimiter that does not appear in the data, or post-process the output.
Best practices
- Prefer explicit columns over
SELECT *. - Use
TOPfor exploratory samples. - Keep queries scoped to the user request.
- Answer in business language by default; provide SQL details when requested.
- Never print or expose credentials in responses.
Troubleshooting
sqlcmd not found-> install sqlcmd v18+ or setSQLCMD_BIN.- TLS/certificate issues on internal networks -> set
MSSQL_TRUST_CERT=yesin your credentials file. The default isno(certificate validation enabled).
安全使用建议
This skill appears to do what it says: run SQL Server queries via sqlcmd and emit delimiter-separated text. Before installing or using it, consider the following practical precautions:
- Protect the credential file (~/.openclaw/credentials/mssql.env): it is sourced by the script, so it must contain only trusted variable assignments and be file-permission restricted (e.g., chmod 600). Because the script 'sources' the file, any shell commands in it would be executed.
- Use least-privilege DB credentials: create a dedicated user with only the minimum permissions needed (ideally read-only for reporting tasks) to limit risk if credentials are compromised.
- Review and control SQL you run: the script imposes no query-level restrictions — destructive statements (DELETE, DROP) will run if the DB user has rights. When allowing an automated agent to issue queries, limit scope and require user confirmation for privileged operations.
- Secure transport and certificate options: the script supports encryption and a TRUST_CERT flag; prefer encrypted connections and only set trust-cert when you understand the implications.
- Protect output files: the script can write query results to arbitrary paths via --out; ensure downstream handling of those files does not leak sensitive data.
- Confirm sqlcmd version and installation source: the script expects sqlcmd v18+; install from official Microsoft packages for your platform.
Given the above operational precautions, the skill is internally consistent and appropriate for its described purpose.
功能分析
Type: OpenClaw Skill
Name: mssql
Version: 1.0.2
The mssql skill is a standard database utility designed to execute SQL Server queries using the 'sqlcmd' binary. The core logic in 'scripts/mssql_query.sh' safely handles credentials via environment variables and provides expected functionality such as query execution, output redirection, and custom delimiters. The 'SKILL.md' file includes appropriate security guidance for the AI agent, such as instructions to never expose credentials. No indicators of malicious intent, data exfiltration, or unauthorized persistence were found.
能力标签
能力评估
Purpose & Capability
Name, description, required binaries (sqlcmd), and required env vars (MSSQL_HOST, MSSQL_DB, MSSQL_USER, MSSQL_PASSWORD) align with a tool that runs Microsoft SQL Server queries and exports delimiter-separated output. No unrelated services, credentials, or binaries are requested.
Instruction Scope
The SKILL.md and script keep scope to SQL Server operations. The script sources a credentials file (~/.openclaw/credentials/mssql.env) which is expected for DB access, and it can read SQL from a user-specified file path (--file). Sourcing the env file means if that file contains malicious shell code it would be executed; this is an operational risk (not mismatch) and should be mitigated by protecting the file and its contents. The script also exports MSSQL_PASSWORD into SQLCMDPASSWORD (to avoid showing it on the process command line) — expected behavior for sqlcmd usage.
Install Mechanism
No install spec is provided (instruction-only plus a small script), so nothing is downloaded or written during install by the skill itself. Requiring sqlcmd to be present is appropriate and proportionate.
Credentials
The skill requests only the environment variables necessary for connecting to SQL Server (host, DB, user, password, optional port/encryption flags). The number and type of env vars are appropriate for the stated functionality. No unrelated credentials are requested.
Persistence & Privilege
always:false (default) and no install-time changes to other skills or system-wide settings are requested. The skill does not attempt to persist beyond its own files or change other skills' configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mssql - 安装完成后,直接呼叫该 Skill 的名称或使用
/mssql触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
v1.0.2 — Declare required env vars in metadata
- Added MSSQL_HOST, MSSQL_DB, MSSQL_USER, MSSQL_PASSWORD to requires.env
- Fixes manifest/metadata inconsistency flagged by ClawHub security scan
v1.0.1
v1.0.1 — Security hardening + contract fix
- Password no longer exposed in process list (uses SQLCMDPASSWORD env var)
- MSSQL_TRUST_CERT defaults to no (certificate validation enabled)
- Output contract renamed to delimiter-separated text (not CSV) — docs, examples, and help text updated
- Fixed --out crash with filename-only paths
- Fixed separator line removal — now position-aware (line 2 only)
- Added --db flag for ad-hoc database override
v1.0.0
Initial release — SQL Server queries and CSV export, no query restrictions, permissions at DB user level
元数据
常见问题
MSSQL 是什么?
Execute SQL Server queries and export results as delimiter-separated text. Use when the user asks to fetch, insert, update, or manage data in Microsoft SQL S... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 209 次。
如何安装 MSSQL?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mssql」即可一键安装,无需额外配置。
MSSQL 是免费的吗?
是的,MSSQL 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
MSSQL 支持哪些平台?
MSSQL 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MSSQL?
由 Umbra(@mohamed-hammane)开发并维护,当前版本 v1.0.2。
推荐 Skills