← 返回 Skills 市场
Sqlformat
作者
bytesagain3
· GitHub ↗
· v2.0.0
· MIT-0
234
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install sqlformat
功能描述
Format, lint, and pretty-print SQL with dialect conversion. Use when checking style, validating syntax, formatting queries, generating clean SQL.
安全使用建议
This skill appears to be a straightforward local SQL formatting/linting CLI that stores all inputs in plain-text log files. Before installing or running: 1) Inspect the full script (the provided script snippet appears truncated in the review copy) to confirm there are no hidden network calls or unexpected commands. 2) Avoid passing any sensitive data (passwords, connection strings, or PII) to the tool; anything you pass can be logged. 3) If you need to use it with sensitive queries, set SQLFORMAT_DIR to a secure directory with restrictive permissions (chmod 700) or use a temporary/sandboxed account. 4) Periodically review and securely delete logs (or add redaction) if they contain secrets. 5) Because the tool stores data locally, there is no automatic exfiltration observed in the visible code, but verify the remainder of the script before trusting it in sensitive environments.
功能分析
Type: OpenClaw Skill
Name: sqlformat
Version: 2.0.0
The skill is deceptive; while SKILL.md describes a comprehensive SQL formatting, linting, and dialect conversion toolkit, the implementation in scripts/script.sh only appends input queries to local log files in ~/.local/share/sqlformat/ without performing any actual SQL processing. This discrepancy between the stated purpose ('Format and pretty-print', 'Validate SQL syntax') and the actual behavior (simple logging) is suspicious because it could mislead an AI agent into reporting that SQL has been successfully validated or transformed when it has only been recorded, potentially leading to the propagation of unverified or malformed code.
能力评估
Purpose & Capability
Name/description match the implementation: a bash-based CLI that formats/lints/records SQL-related entries. Required tools and declared capabilities align with a local devtool.
Instruction Scope
SKILL.md and script instruct the agent to accept SQL input and record timestamped entries to local log files (~/.local/share/sqlformat by default). This is within scope for a logger/formatter, but it means any SQL you pass (including connection strings, queries with literals, or credentials) will be stored in plain text. The SKILL.md does not explicitly warn about logging sensitive data.
Install Mechanism
No install spec or downloads are present; the skill is instruction + a local bash script. No external package installs or remote downloads are used.
Credentials
No credentials or secret environment variables are required. One optional env var (SQLFORMAT_DIR) controls storage location, which is reasonable. However, the skill's logging behavior creates a data persistence risk for any sensitive SQL passed to it.
Persistence & Privilege
The skill creates and writes only its own data directory under the user's home (~/.local/share/sqlformat by default). always:false and no system-wide configuration changes are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sqlformat - 安装完成后,直接呼叫该 Skill 的名称或使用
/sqlformat触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Domain-specific upgrade
元数据
常见问题
Sqlformat 是什么?
Format, lint, and pretty-print SQL with dialect conversion. Use when checking style, validating syntax, formatting queries, generating clean SQL. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 234 次。
如何安装 Sqlformat?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sqlformat」即可一键安装,无需额外配置。
Sqlformat 是免费的吗?
是的,Sqlformat 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Sqlformat 支持哪些平台?
Sqlformat 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sqlformat?
由 bytesagain3(@bytesagain3)开发并维护,当前版本 v2.0.0。
推荐 Skills