← 返回 Skills 市场
361
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install sql-connector
功能描述
Generic SQL Server connectivity for OpenClaw agents. Use when: (1) executing parameterized queries against SQL Server, (2) building repository layers that ne...
安全使用建议
This skill appears to implement the SQL Server connector it advertises, but there are a few red flags you should consider before installing:
- Required env vars are not declared in the registry metadata. The connector expects SQL_CLOUD_*/SQL_LOCAL_* (or SQL_{IDENT}_*) variables in an .env or the process environment. Confirm you are willing to provide database credentials to this skill.
- The code calls load_dotenv(..., override=True) when it finds a .env. That will overwrite existing environment variables with values from the file, which can be surprising and could unintentionally change other services' behavior. Consider storing credentials in a secure secret store or verifying .env contents before installation.
- Some config (SQL_DEFAULT_BACKEND) is read at import time before .env is loaded, so behavior can differ depending on how the module is imported. Test in your environment to ensure the connector picks up the intended backend.
- The README suggests installing via pip; prefer to review the pip package source or pin an exact version, and run the bundled tests in an isolated environment (or read the code) to confirm no unwanted network or file operations occur.
- If you plan to use this in production, prefer least-privilege DB credentials and network isolation (restrict DB user permissions and network access). If you need higher assurance, request the maintainer update the package metadata to declare required env vars and to stop overriding environment variables by default.
If you want, I can list the exact lines in the code that implement the .env loading, the override behavior, and the import-time default reads so you can review or point them to the maintainer.
功能分析
Type: OpenClaw Skill
Name: sql-connector
Version: 2.2.0
The sql-connector skill is a well-structured and legitimate SQL Server interface for OpenClaw agents. It demonstrates strong security practices, such as using a metaclass (_SealCoreMethods in sql_connector.py) to enforce parameterized queries and prevent SQL injection by sealing core execution methods. The code handles credentials safely via environment variables and includes comprehensive documentation and unit tests that align with its stated purpose.
能力评估
Purpose & Capability
The skill's name/description match the included code: it implements an MSSQL connector using pymssql and exposes execute/query/scalar/ping. However the registry metadata claims 'Required env vars: none' while the docs and code clearly require SQL_* credentials (SQL_CLOUD_*, SQL_LOCAL_*, or SQL_{IDENT}_*). That mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md/GETTING_STARTED instruct the agent/user to create a .env in the OpenClaw workspace and to run health checks (ping/telnet). Instructions do not ask the agent to read unrelated system files or contact external endpoints. Minor inconsistency: docs direct the user to ~/.openclaw/workspace/.env, but the code's _find_env searches relative to the module path (walking up 5 dirs), so the documented .env location may not be discovered automatically.
Install Mechanism
No install spec is provided in the registry (instruction-only skill). README and GETTING_STARTED recommend pip install and a requirements.txt lists pymssql and python-dotenv — expected for a Python DB driver. No downloads from arbitrary URLs or extraction steps present.
Credentials
The connector legitimately needs SQL credentials, and the code reads them from environment/.env (SQL_* variables). However: (1) the registry metadata did not declare these required environment variables, (2) the module uses load_dotenv(..., override=True) which will overwrite existing environment variables with values from the discovered .env (surprising and potentially harmful), and (3) some defaults (e.g. _DEFAULT_BACKEND) are read at import time before .env is loaded, causing inconsistent behavior depending on how the module is imported. These environment-handling choices are disproportionate to what a user might expect and can lead to accidental credential exposure or config surprises.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It loads .env lazily on first connector instantiation; it does not persist credentials itself. Autonomous invocation is allowed (platform default) which is expected for skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sql-connector - 安装完成后,直接呼叫该 Skill 的名称或使用
/sql-connector触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.0
GETTING_STARTED.md (494 lines) and SKILL_REFERENCE.md (712 lines) added. Publish workflow added. Custom backend naming documented. README updated with DEPENDENCY_PRIORITY.
v2.1.0
ping() method; SKILL.md cleanup
v2.1.0-alpha
Public alpha: rewrote README with pymssql API docs, sealed connector architecture, alpha warning, community invite.
v2.0.1
v2.0.1: pymssql transport, ABC sealed execute/query, get_connector factory, no sqlcmd
v2.0.0
v2.0: pymssql transport, ABC base, sealed execute/query, factory function — retires sqlcmd subprocess
元数据
常见问题
SQL Connector 是什么?
Generic SQL Server connectivity for OpenClaw agents. Use when: (1) executing parameterized queries against SQL Server, (2) building repository layers that ne... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 361 次。
如何安装 SQL Connector?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sql-connector」即可一键安装,无需额外配置。
SQL Connector 是免费的吗?
是的,SQL Connector 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
SQL Connector 支持哪些平台?
SQL Connector 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SQL Connector?
由 Oblio(@oblio-falootin)开发并维护,当前版本 v2.2.0。
推荐 Skills