← 返回 Skills 市场
sqlserver-tidb-replay
作者
Dongdong-Bryant
· GitHub ↗
· v1.0.0
· MIT-0
78
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install sqlserver-tidb-replay
功能描述
Replay SQL Server slow query logs on TiDB to verify compatibility, compare performance, and generate syntax conversion reports during migration.
安全使用建议
This skill appears to do what it says (parse SQL Server slow logs, convert SQL, replay to TiDB, and generate reports), but review and take these precautions before use:
- Run only in a test/replica environment. The replay script will execute SQL statements against the provided TiDB endpoint and can modify data.
- Provide TiDB credentials with least privilege (ideally a read/limited account or a copy of production data in a sandbox). Avoid using highly privileged or production admin credentials.
- The package metadata lists no required env vars, but the README/scripts expect TIDB_HOST,TIDB_PORT,TIDB_USER,TIDB_PASSWORD,TIDB_DATABASE — ensure you supply them securely (prefer CLI args or a secrets manager over committing env vars into shared shells).
- The SKILL.md recommends running a PowerShell collector (collect_xe.ps1) that is not included. Obtain and inspect that collector script from a trusted source before running it on Windows servers.
- Install Python dependencies (pymysql, pandas) in an isolated virtualenv and inspect the code yourself. The included scripts are readable; verify any additional third-party code you install.
- Backup any target database or use an isolated test cluster. Consider running with a user that has transactional or read-only permissions where possible.
If you want higher confidence: ask the publisher for the missing collect_xe.ps1, update the skill metadata to declare required env vars, and provide a requirements.txt or install instruction so dependency installation is explicit.
功能分析
Type: OpenClaw Skill
Name: sqlserver-tidb-replay
Version: 1.0.0
The skill bundle provides a functional toolset for migrating SQL Server workloads to TiDB by replaying query logs. While the behavior aligns with the stated purpose, the bundle is classified as suspicious due to significant security vulnerabilities: `replay_tidb.py` executes arbitrary SQL statements from input files without validation, and `analyze_results.py` is vulnerable to Cross-Site Scripting (XSS) by embedding raw SQL and database error messages directly into an HTML report without sanitization. No evidence of intentional malice, such as hardcoded backdoors or data exfiltration, was detected.
能力评估
Purpose & Capability
Name/description, SKILL.md, and the four included scripts (CSV→SQL, CSV parsing, replay to TiDB, analysis) are coherent: all are directly related to replaying SQL Server slow queries on TiDB and generating compatibility/performance reports.
Instruction Scope
SKILL.md restricts actions to local log collection, CSV normalization, JSON conversion, replay to TiDB, and local analysis. It instructs running a PowerShell collector (collect_xe.ps1) which is not included in the package. The runtime instructions reference environment variables (TIDB_*) and CLI args as ways to provide TiDB credentials; the skill will execute arbitrary SQL statements against the target TiDB instance (expected for this purpose) — so run only against test/replica environments.
Install Mechanism
No install spec is present (instruction-only + code files), so nothing will be automatically downloaded or executed during install. The scripts require Python packages (pymysql, pandas) but the skill does not include an automated installer — you must install dependencies manually. No suspicious external download URLs or extract steps are present.
Credentials
Registry metadata lists no required environment variables, but SKILL.md and replay_tidb.py expect/mention TIDB_HOST, TIDB_PORT, TIDB_USER, TIDB_PASSWORD, TIDB_DATABASE (via CLI args or os.getenv). That mismatch (declared none vs actual usage) is an incoherence that could confuse permission/secret handling. The scripts will accept credentials and will use them to connect and execute SQL — these are sensitive and must be scoped to non-production accounts.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system configuration. It operates only when invoked and writes its own output files to configurable directories; autonomy and persistence are normal and not elevated here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sqlserver-tidb-replay - 安装完成后,直接呼叫该 Skill 的名称或使用
/sqlserver-tidb-replay触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
**Initial release of SQL Server → TiDB SQL Replay Tool**
- Enables replay of SQL Server slow query logs for migration testing, performance comparison, and compatibility analysis with TiDB.
- Provides end-to-end workflow: slow log collection, CSV-to-SQL conversion, parsing, parallel replay to TiDB, and result analysis.
- Automatically transforms SQL Server-specific syntax to TiDB-compatible formats and generates syntax conversion suggestions.
- Produces comprehensive reports, including error rates, performance metrics, and syntax compatibility statistics.
- Supports PowerShell-based log collection, Python scripting, and detailed replay output for auditing and troubleshooting.
元数据
常见问题
sqlserver-tidb-replay 是什么?
Replay SQL Server slow query logs on TiDB to verify compatibility, compare performance, and generate syntax conversion reports during migration. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。
如何安装 sqlserver-tidb-replay?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sqlserver-tidb-replay」即可一键安装,无需额外配置。
sqlserver-tidb-replay 是免费的吗?
是的,sqlserver-tidb-replay 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
sqlserver-tidb-replay 支持哪些平台?
sqlserver-tidb-replay 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 sqlserver-tidb-replay?
由 Dongdong-Bryant(@dongdong-bryant)开发并维护,当前版本 v1.0.0。
推荐 Skills