← 返回 Skills 市场

Zero TiDB(Deprecated)

Name: Zero TiDB(Deprecated)
Author: bosn

作者 Bosn · GitHub ↗ · v1.0.1

cross-platform ⚠ suspicious

552

总下载

当前安装

版本数

在 OpenClaw 中安装

/install zero

功能描述

Create ephemeral TiDB Cloud Zero databases for agent workflows in Technical Preview.

安全使用建议

What to check before installing: - Provenance: The skill's source/homepage is unknown and the skill name includes "(Deprecated)" — verify who published it and whether this is an official TiDB/PingCAP offering before trusting it. - Runtime dependencies: SKILL.md examples use curl, jq, the mysql CLI and Node's mysql2, but the skill metadata lists no required binaries. Ensure those tools are available in the agent environment or the instructions will fail. Consider asking the publisher to list explicit runtime dependencies. - API safety: The guide implies provisioning via POST to https://zero.tidbapi.com without any auth. Confirm the API's access controls and rate limits with the provider — unauthenticated provisioning can be abused and may expose you to unexpected costs or resource creation. - Secrets handling: The API returns DB credentials; the skill explicitly tells the agent to write them to a local file. Ensure the agent environment is sandboxed, that files are stored securely, and that the agent is not allowed to exfiltrate files to untrusted endpoints. - Test manually first: Run the documented curl commands yourself from a controlled environment to confirm behavior and inspect the response shape and expiration policy. If you cannot verify the publisher or the API behavior, or you do not want the agent to make external network calls, do not install or do not grant network access/autonomous invocation. If you proceed, ask the skill author to correct metadata (declare required binaries) and provide an official documentation link or contact.

功能分析

Type: OpenClaw Skill Name: zero Version: 1.0.1 The skill's primary purpose is to provision TiDB Cloud Zero databases, which involves making API calls and providing connection details. However, the `SKILL.md` file contains instructions for the agent to execute `mysql` commands where the connection string, obtained directly from an external API response (`zero.tidbapi.com`), is interpolated into a shell command. This pattern (`mysql "<connectionString>"`) presents a shell injection vulnerability (RCE risk) if the `connectionString` returned by the API were maliciously crafted, even though the skill author's intent is to connect to their own provisioned database. This risky capability, despite lacking clear malicious intent from the skill author, warrants a 'suspicious' classification due to the potential for remote code execution via a compromised API endpoint.

能力评估

✓ Purpose & Capability

The name and description (ephemeral TiDB Cloud Zero DBs) align with the SKILL.md instructions: call an API endpoint to provision an instance and then connect with a MySQL-compatible client. The actions described (POST to an API, read returned connection string, run SQL) are coherent for this purpose.

ℹ Instruction Scope

Instructions stay within the stated purpose (provision, connect, optionally bootstrap demo data). They instruct saving credentials to a local file and show CLI/Node examples. There is no instruction to read unrelated user files or other system secrets, but the guide tells the agent to persist sensitive credentials locally — this increases risk if the agent environment has network or exfiltration capabilities. The SKILL.md uses external commands/tools (curl, jq, mysql, Node "mysql2") which are required at runtime but are not declared in the skill metadata.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files, so nothing is written to disk by the installer. This is the lowest-installation risk surface.

⚠ Credentials

The skill declares no required env vars or credentials, which is plausible if the API is unauthenticated, but the runtime instructions rely on external tooling (curl, jq, mysql client, Node library). The metadata omission of these runtime dependencies is an inconsistency. The SKILL.md also instructs storing the returned database credentials in a local file — that is appropriate but raises the need to protect those secrets and to ensure the agent execution environment is trustworthy.

✓ Persistence & Privilege

The skill does not request persistent or always-on presence; default autonomous invocation is allowed (normal). There is no install script or configuration changes described that modify other skills or global agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install zero
安装完成后，直接呼叫该 Skill 的名称或使用 /zero 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

Deprecate this, please use TiDB Cloud Zero instead

v1.0.0

Initial technical preview release for ephemeral TiDB Cloud Zero databases. - Provision disposable TiDB Cloud Zero databases via a POST API. - Provides deterministic SQL smoke test instructions using API and CLI. - Returns connection string and credentials in API response for immediate use. - Suggests guided quickstart experience to bootstrap demo data. - Explains response fields and planned feature for claiming temporary databases. - Includes sample code for CLI and Node.js connections.

元数据

Slug zero

版本 1.0.1

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Zero TiDB(Deprecated) 是什么？

Create ephemeral TiDB Cloud Zero databases for agent workflows in Technical Preview. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 552 次。

如何安装 Zero TiDB(Deprecated)？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install zero」即可一键安装，无需额外配置。

Zero TiDB(Deprecated) 是免费的吗？

是的，Zero TiDB(Deprecated) 完全免费（开源免费），可自由下载、安装和使用。

Zero TiDB(Deprecated) 支持哪些平台？

Zero TiDB(Deprecated) 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Zero TiDB(Deprecated)？

由 Bosn（@bosn）开发并维护，当前版本 v1.0.1。