SnowflakeDataEngineer

Execute read-only Snowflake SELECT queries with forbidden keyword blocking, row limits, timeouts, and structured JSON results.

Key things to consider before installing or running this skill: - Declared vs actual requirements: The registry metadata claims no required credentials, but the code expects Snowflake credentials (user, account, warehouse, database, schema, role, and possibly a private key path). Do not provide these until you confirm how the skill will be hosted and how secrets are supplied. - dotenv risk: app/config.py calls load_dotenv(), so the skill will read a .env file from its working directory and populate environment variables. If you run this agent in an environment with a .env containing unrelated secrets, the skill could pick those up. Run the skill in an isolated environment or remove/override load_dotenv() if you cannot guarantee .env contents. - Authentication and metadata mismatch: skill.yaml lists authentication: none while the service needs Snowflake credentials; confirm whether your platform will inject credentials, and if so ensure least-privilege (a Snowflake role with strictly read-only permissions). Require explicit declaration of needed env vars before trusting the skill. - Validate the validator: The SQL validator is regex-based and appends a LIMIT if missing. Regex checks are brittle — consider stronger protections (reject multiple statements, disallow statement separators, use a SQL parser, or enforce LIMIT server-side). Also ensure ALTER SESSION and other session-level settings are acceptable in your environment. - Dependency & deployment: requirements.txt lists third-party packages (including the Snowflake connector). Ensure dependencies are installed from trusted sources and run the service in a sandbox/container with limited network/file access. - Testing: Before giving production credentials, run the service with test-only credentials in an isolated environment to confirm behavior and logging. Review logs and network activity to ensure there are no unexpected outbound endpoints. If you need, I can list concrete hardening changes (explicit env declarations in skill metadata, remove load_dotenv or restrict to a named file, stricter SQL parsing, and explicit error handling) or produce a checklist for secure deployment.

Type: OpenClaw Skill Name: snowflake Version: 1.0.0 The skill is classified as suspicious due to a vulnerability in `app/validator.py`. While the skill aims to enforce 'SELECT-only' queries and blocks common DDL/DML keywords, it fails to include 'UNION' in its `FORBIDDEN_KEYWORDS` list. This omission could allow an attacker to craft `UNION` queries to potentially access data from different tables or schemas within the Snowflake environment, bypassing the intended narrow scope, assuming the underlying Snowflake role has such permissions. This is a significant flaw in the security enforcement logic, but there is no evidence of intentional malicious behavior like data exfiltration to external endpoints or backdoor installation.