← 返回 Skills 市场
509
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install nl2sql
功能描述
自然语言转 SQL 查询助手。将用户的自然语言描述转换为 SQL 语句,自动执行并返回结果。 支持连接本地或远程 MySQL 数据库、用户自行指定数据库连接信息(host/port/user/password)、 增删改查(SELECT/INSERT/UPDATE/DELETE)、事务操作、多种输出格式(tabl...
安全使用建议
This skill appears to do what it says, but it requires you to provide database credentials and the included scripts pass passwords on the command line (mysql -p"password"), which can be visible to other local users and may be stored in process lists or logs. Also the skill instructs the agent to 'remember' connection info in the conversation — that could leave credentials in chat history. Before installing or using: (1) prefer giving a least-privilege, ephemeral DB account (read-only for queries; separate write account if necessary); (2) avoid providing production admin passwords in chat; (3) consider modifying the scripts to avoid passing passwords as CLI args (use mysql option files with restrictive permissions or prompt for password/stdin) or to accept a secure secret mechanism supported by your platform; (4) disable any long-term conversation memory for credentials or ensure the platform never persists them; (5) review and test the scripts in an isolated environment first. If you cannot accept these risks, treat the skill as unsafe to enable with real/privileged credentials.
功能分析
Type: OpenClaw Skill
Name: nl2sql
Version: 1.0.0
The skill bundle provides a natural language interface for MySQL database management, which involves high-risk capabilities such as shell execution and file access. Specifically, `scripts/query.sh` and `scripts/transaction.sh` can read arbitrary local files if the agent is manipulated into providing a sensitive file path as the SQL input. Additionally, `scripts/schema.sh` contains a potential SQL injection vulnerability by directly embedding the table name variable into a query string. While the `SKILL.md` and `references/guide.md` files include extensive security instructions to prevent credential leakage and require confirmation for destructive actions, the underlying scripts possess risky primitives that could be exploited if the AI agent's instructions are bypassed.
能力评估
Purpose & Capability
Name/description (convert NL to SQL and execute against MySQL) match the provided scripts and SKILL.md. The scripts implement schema discovery, listing databases, executing queries, and transactions, which are expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to remember connection info in the conversation and to pass host/port/user/password to scripts. Scripts accept arbitrary SQL and will execute it; destruction safeguards are described (confirm before DELETE/DROP/TRUNCATE) but enforcement depends on the agent following rules. The instruction to cache credentials in conversation expands the skill's scope to handling sensitive secrets in chat history.
Install Mechanism
No install spec; instruction-only plus included shell scripts. Nothing is downloaded or written during install. This low-install footprint is proportionate to the skill's purpose.
Credentials
The skill does not request unrelated environment credentials (no extraneous API keys), which is appropriate. However, it relies on users providing DB credentials and the scripts supply the password as mysql -p"PASSWORD" on the command line, which can expose passwords to other local users via process listings and shell histories. The requirement to 'remember connection info within the conversation' may cause passwords to be retained in chat context unless explicitly masked/managed.
Persistence & Privilege
always:false and no system-wide config changes — good. But the SKILL.md's recommendation to persist connection info in conversation means credential data may persist in chat logs/memory. This is a platform/configuration-level persistence risk rather than a skill-install privilege escalation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nl2sql - 安装完成后,直接呼叫该 Skill 的名称或使用
/nl2sql触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the nl2sql skill.
- Converts natural language to SQL queries and executes them on MySQL databases.
- Supports both local and remote MySQL database connections; users can provide host, port, user, and password.
- Handles SELECT, INSERT, UPDATE, DELETE queries, as well as transaction operations.
- Multiple output formats supported: table (default), CSV, and JSON.
- Strict credential security enforced: never expose database passwords in any output or reply.
- Includes safety checks for destructive operations (e.g., DELETE/DROP must be confirmed by user).
元数据
常见问题
自然语言转 SQL 查询助手 是什么?
自然语言转 SQL 查询助手。将用户的自然语言描述转换为 SQL 语句,自动执行并返回结果。 支持连接本地或远程 MySQL 数据库、用户自行指定数据库连接信息(host/port/user/password)、 增删改查(SELECT/INSERT/UPDATE/DELETE)、事务操作、多种输出格式(tabl... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 509 次。
如何安装 自然语言转 SQL 查询助手?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nl2sql」即可一键安装,无需额外配置。
自然语言转 SQL 查询助手 是免费的吗?
是的,自然语言转 SQL 查询助手 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
自然语言转 SQL 查询助手 支持哪些平台?
自然语言转 SQL 查询助手 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 自然语言转 SQL 查询助手?
由 沧海一声笑(@cyesky)开发并维护,当前版本 v1.0.0。
推荐 Skills