Total downloads: 88
Favorites: 1
Current installs: 0
Versions: 1
Install in OpenClaw
/install text2sql
Description
Support generating SQL queries through natural language; use when users need to configure Text-to-SQL database, manage data topics, or generate SQL with natu...
Security usage recommendations
This skill implements a Text→SQL flow but has a few red flags you should consider before installing or running it:
- External network: By default the skill sends your topic YAML and question to https://asksql.ucap.com.cn (a third-party service) to generate SQL. Any schema/metadata you include (and potentially some derived info) will be transmitted off your machine. If your schema, table names, or examples are sensitive, do not upload them to an unfamiliar remote endpoint. Consider changing the --api-url to a trusted internal service or running the service locally if possible.
- Credentials storage: config_db.py writes DB credentials to a local JSON file in cleartext (./output/text-to-sql-config.json). Treat that file as sensitive. Do not use production credentials; prefer a read-only user and rotate credentials after testing. Consider encrypting or avoiding persistent storage of passwords.
- Implementation inconsistencies: The scripts and SKILL.md disagree on the API path and on how db passwords are supplied (separate --db-password vs credentials embedded in db_url). The Excel configuration description is inconsistent with script behavior. Expect you'll need to review and possibly patch scripts before use.
- Data sampling: read_tables.py attempts to sample rows (ORDER BY RAND()) which can be heavy on large tables and may expose row-level data. Use sample-free options or run against a sanitized copy of the DB.
Given these, do not run against production systems or supply high-privilege credentials until you verify the endpoint, review the code, and test in an isolated environment.
Functional analysis
Type: OpenClaw Skill
Name: text2sql
Version: 1.0.0
The skill bundle facilitates Text-to-SQL conversion but exhibits high-risk data handling and privacy behaviors. Specifically, 'read_tables.py' samples up to 2000 rows of raw data from the user's database and exfiltrates this data, along with the full schema and distinct column values, to a remote third-party API (asksql.ucap.com.cn) for 'knowledge generation.' Additionally, 'config_db.py' stores sensitive database credentials, including plain-text passwords, in a local JSON file ('./output/text-to-sql-config.json'). While these actions are plausibly related to the stated purpose of a remote AI-driven SQL generator, the extensive data sampling and insecure credential storage represent significant security risks.
Capability assessment
Purpose & Capability
Name/description match the included scripts: configuring DB, reading table structures, generating topic YAML, and calling a remote SQL-generation API. However, config_db asks for a separate --db-password but read_tables.py expects credentials embedded in db_url (mismatch). Requiring/using a remote API for SQL generation is consistent with the description but should be explicit about data sent remotely.
Instruction Scope
Runtime instructions and scripts read local database schema, sample row values (read_tables.py samples rows), generate local YAML/topic files, and then send the topic YAML + question to an external HTTP service by default (asksql.ucap.com.cn). The SKILL.md does not fully warn users that schema and possibly metadata will be transmitted off-host. The SKILL.md and scripts also disagree on the API path (/api/sql_for_skill/ vs /ask/api/sql_for_skill), and the Excel workflow text ('no parsing operation is needed') is inconsistent with read_tables.py which processes excel files.
Install Mechanism
No install spec — instruction-only plus included Python scripts. No external binary downloads. Dependencies are limited to common Python packages (pyyaml, sqlalchemy) which is proportionate.
Credentials
The skill requests no environment variables, but it does ask the user to provide database credentials which are written to an unencrypted local JSON file (config_db.py). Those credentials (or at least schema-derived YAML) are then sent to a remote service by default. There is no declared primary credential, and the presence of a separate --db-password parameter which is not clearly used by read_tables.py is inconsistent and confusing.
Persistence & Privilege
always is false and the skill does not request system-wide privileges. It writes configuration and output files under ./output (local persistence). That local storage of DB credentials in cleartext is a security concern but not a platform-privilege escalation.
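How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install text2sql
- Once installation completes, invoke the Skill by name or trigger it with /text2sql
- Provide the required inputs according to the Skill's parameter description to get structured output.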
Version history
v1.0.0
text-to-sql 1.0.0 Changelog
- Initial release of the Text-to-SQL skill supporting SQL query generation from natural language.
- Enables multi-topic database configuration and table structure management.
- Offers two data configuration methods: via direct database connection (recommended) or Excel schema files.
- Integrates with external API for SQL generation from natural language questions.
- Provides clear user guidance for configuration and querying processes.
- Requires Python dependencies: pyyaml (>=6.0) and sqlalchemy (>=2.0.0).
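Metadata
FAQ
What is TEXT2SQL?
Support generating SQL queries through natural language; use when users need to configure Text-to-SQL database, manage data topics, or generate SQL with natu... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 88 cumulative downloads to date.
How do I install TEXT2SQL?
Run the command "/install text2sql" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is TEXT2SQL free?
Yes, TEXT2SQL is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does TEXT2SQL support?
TEXT2SQL is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed TEXT2SQL?
It is developed and maintained by zionwa (@zionwa); the current version is v1.0.0.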