← 返回 Skills 市场
rm-ra

sql-doc

作者 rm-ra · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
269
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install sql-doc
功能描述
通过数据库API查询表数据,对指定数据进行分析并生成包含多维度信息的Word格式分析报告。
安全使用建议
This skill is internally inconsistent: SKILL.md tells you to curl an internal API and then run a Python script, but the provided analyze_data.py only uses a hard-coded sample dataset (it doesn't read the curl output). Before installing or running, verify these points: 1) Confirm you intended to contact the internal endpoint 192.168.5.85:8000 and that doing so is allowed and safe — the skill's examples reference police incident data which may be sensitive or regulated. 2) The script requires python-docx but no install steps are provided; run in an environment with required Python packages or update the skill to declare/install dependencies. 3) Decide how API results should be passed to the script (save curl output to a file and modify the script to read it, or update the script to call the API itself). 4) Because the code and instructions don't match, inspect and test the skill in an isolated environment before using on real data; review/modify the SQL examples to avoid accidental exfiltration of sensitive records. If you need this to actually query and process live API results, ask the maintainer (or modify the script) so the script reads JSON output from the API rather than using embedded sample data.
功能分析
Type: OpenClaw Skill Name: sql-doc Version: 1.0.1 The skill bundle facilitates raw SQL execution via curl commands to an internal IP (192.168.5.85), which presents a significant security risk for unauthorized data access or manipulation. Additionally, the analyze_data.py script contains hardcoded sensitive information, including what appear to be Chinese citizen ID numbers and records of domestic disputes, raising privacy and data handling concerns. While no clear evidence of intentional data exfiltration to external domains was found, the combination of raw SQL capabilities and the processing of PII makes this bundle high-risk.
能力评估
Purpose & Capability
The declared purpose (query a database API and generate a Word report) matches the general contents, but there are important mismatches: SKILL.md uses the skill name 'db-analyst' while registry shows 'sql-doc'; analyze_data.py contains a hard-coded sample dataset rather than code that reads the API response, so the script as provided will not process results from the curl commands described in SKILL.md. The Python script also imports python-docx (from package 'docx') but no dependencies or install steps are declared.
Instruction Scope
SKILL.md instructs the agent to run curl against http://192.168.5.85:8000/query (an internal/private IP) and to run a python script at /root/.openclaw/workspace/skills/db-analyst/analyze_data.py. However, SKILL.md never shows how to pipe/save the curl output or how the script will read it. The script does not perform any network calls or read stdin/files — it uses embedded static data — so the instructions and the code are not integrated. The mapping file and examples include SQL queries that could access sensitive police records; the skill does not limit or sanitize queries.
Install Mechanism
There is no install spec (instruction-only), which limits risk from arbitrary installs. However, the script requires the python-docx library (import docx) and expects to run under Python3; these dependencies are not declared. No code is downloaded at install time beyond the provided files.
Credentials
The skill requests no environment variables, no credentials, and no config paths, which is proportionate. Note: SKILL.md directs network requests to a specific internal IP (192.168.5.85), which is not an environment variable but is potentially sensitive and should be verified.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes a report to /root/.openclaw/workspace/分析报告.docx (inside the workspace) — this is expected for a report generator and does not modify other skills or system configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install sql-doc
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /sql-doc 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
No changes detected in this version.
v1.0.0
- 首发版本,提供数据库分析与Word报告生成功能。 - 支持通过curl命令查询数据库API并获取表数据。 - 提供关键词-表名映射文件,便于快速定位查询目标。 - 包含Python脚本实现数据分析和Word格式报告自动生成。 - 分析报告涵盖数据总览、纠纷类型/原因、地点、时间分布、处置单位等多项内容。
元数据
Slug sql-doc
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

sql-doc 是什么?

通过数据库API查询表数据,对指定数据进行分析并生成包含多维度信息的Word格式分析报告。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 269 次。

如何安装 sql-doc?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sql-doc」即可一键安装,无需额外配置。

sql-doc 是免费的吗?

是的,sql-doc 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

sql-doc 支持哪些平台?

sql-doc 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 sql-doc?

由 rm-ra(@rm-ra)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论