← 返回 Skills 市场
Schema Builder
作者
BytesAgain2
· GitHub ↗
· v3.0.0
· MIT-0
559
总下载
0
收藏
2
当前安装
11
版本数
在 OpenClaw 中安装
/install schema-builder
功能描述
Build database schemas with SQL generation and relationship modeling. Use when designing databases.
安全使用建议
This skill appears to be a local schema-generation utility and is internally consistent with its description. Before installing or permitting autonomous execution: 1) note that there are two scripts—script.sh (documented) and schema.sh (undocumented commands) — both generate text only and do not contact external servers; 2) the tool will create ~/.local/share/schema-builder for its outputs; 3) the shell scripts have minor quoting bugs (harmless but could produce incorrect output), so run them in an isolated environment (or inspect/patch them) if you plan to run on production systems; and 4) because the skill can be invoked autonomously by the agent, restrict autonomous execution if you are uncomfortable with any code running locally without supervision.
功能分析
Type: OpenClaw Skill
Name: schema-builder
Version: 3.0.0
The skill bundle contains a shell injection vulnerability in `scripts/script.sh` within the `cmd_validate` function, where the second argument is used unquoted in a shell command (`[ -f $2 ]`), allowing for arbitrary command execution if a malicious filename is provided. Furthermore, `scripts/script.sh` is poorly implemented with broken variable interpolation (using single quotes for shell variables) and contains a large block of empty comment lines, a technique often used to hide malicious code from quick visual inspection. While no explicit evidence of data exfiltration or intentional malice was found, the combination of critical vulnerabilities and suspicious coding patterns warrants a suspicious classification.
能力评估
Purpose & Capability
The declared purpose (database schema building) matches the included scripts: both scripts/schema.sh and scripts/script.sh produce schema designs, SQL, migrations, seeds and ER diagrams. Minor inconsistency: SKILL.md documents commands that call scripts/script.sh, while scripts/schema.sh contains additional commands (design, sql, migrate, seed, erd, etc.) that are not listed in SKILL.md. All functionality is still within the domain of schema generation.
Instruction Scope
SKILL.md instructs running scripts/script.sh and states data is stored in ~/.local/share/schema-builder. The scripts only create that directory and print/generated SQL/text; they do not read other system configuration or send data externally. Small issues: scripts/script.sh uses some unquoted shell variables (e.g., [ -f $2 ]) and echoes literal $2/$3 in single quotes (likely a bug), which are operational bugs but not secret-exfiltration behavior.
Install Mechanism
No install spec is present (instruction-only plus included scripts). No downloads, package installs, or archive extraction are performed by the skill bundle.
Credentials
The skill declares no required environment variables or credentials. The scripts use $HOME to create a local data directory (~/.local/share/schema-builder), which is proportional and expected for a local CLI-style tool.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It only creates a directory within the user's home for storing its outputs; it does not modify other skills or system-wide config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install schema-builder - 安装完成后,直接呼叫该 Skill 的名称或使用
/schema-builder触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
v3.0.0: rewrite
v2.0.1
update
v2.0.0
v2.5 standard: Use-when desc, homepage, source, security fix
v2.3.4
yaml-fix+quality
v2.3.3
yaml-fix+quality
v2.3.2
Quality upgrade
v2.3.1
Quality upgrade: custom functionality
v2.3.0
Quality fixes: removed third-party references, aligned docs with implementation
v2.2.0
Enhanced descriptions for better AI triggering
v1.0.1
Add runtime declaration + security compliance
v1.0.0
- Initial release of schema-builder: a database schema designer with multiple features.
- Supports designing table structures, generating SQL DDL, migration scripts, seed data, ER diagrams, optimization reports, NoSQL schemas, and schema diffs.
- Provides commands: design, sql, migrate, seed, erd, optimize, nosql, compare.
- Compatible with MySQL, PostgreSQL, SQLite, MongoDB, and Redis.
元数据
常见问题
Schema Builder 是什么?
Build database schemas with SQL generation and relationship modeling. Use when designing databases. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 559 次。
如何安装 Schema Builder?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install schema-builder」即可一键安装,无需额外配置。
Schema Builder 是免费的吗?
是的,Schema Builder 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Schema Builder 支持哪些平台?
Schema Builder 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Schema Builder?
由 BytesAgain2(@ckchzh)开发并维护,当前版本 v3.0.0。
推荐 Skills