sql-splitter

拆分 SQL 文件为独立文件（存储过程、函数、视图、触发器、表结构、索引、约束），自动分析依赖并生成合并脚本

This skill appears to do what it says: split SQL files and produce per-object .sql files with dependency-aware merge scripts. Before installing or running it, consider the following: - Checkpoint pickle risk: The checkpoint system serializes data using Python's pickle module and loads from ~/.sql_splitter_checkpoints. Pickle deserialization can execute arbitrary code if an attacker can place a crafted .checkpoint file there. Only resume or load checkpoints you created yourself; do not import checkpoint files from untrusted sources. If you are uneasy, inspect the checkpoint files or replace/patch the code to use JSON instead of pickle. - Local filesystem writes: The tool will create config and checkpoint directories under your home directory and write split output to chosen output dirs. Ensure you run it with an account that has appropriate filesystem permissions and avoid running on a system with sensitive files in paths the tool might be pointed at. - Untrusted SQL: Treat input SQL files from untrusted sources cautiously. While the tool appears offline-only, SQL can contain commands that, when executed against a database, cause side effects. This tool only parses and writes files, but do not run the generated scripts against production databases without review. - Review/scan code: The package includes multiple scripts and tests; if you will use this in production, consider reviewing the included Python files (especially checkpoint.py and config_manager.py) or running them in an isolated environment (container, VM) first. If you want higher assurance, ask the author for a signed release, or request the checkpoint implementation be changed to a safe serialization format (JSON) and for explicit permission controls on checkpoint/config directories.

Type: OpenClaw Skill Name: sql-splitter Version: 2.2.0 The SQL splitter tool is a feature-rich utility that includes a GUI, batch processing, and session persistence. It is classified as suspicious primarily due to a critical security vulnerability in `scripts/checkpoint.py`, where `pickle.load` is used to deserialize local state files, which could be exploited for arbitrary code execution (RCE) if the checkpoint files are tampered with. Additionally, the tool automatically creates and manages hidden directories in the user's home folder (`~/.sql_splitter_checkpoints` and `~/.sql_splitter_configs`) for state and configuration storage. While these behaviors are risky, they appear to be unintentional flaws or standard tool behaviors rather than intentional malware, as no evidence of data exfiltration or malicious intent was found.