skill-scan_skill

This skill helps securely run parameterized database queries, reducing injection risk while returning precise results.
  • Python

2.6k

GitHub Stars

6

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill skill-scan

  • _meta.json277 B
  • CHANGELOG.md1.5 KB
  • pyproject.toml656 B
  • README.md6.5 KB
  • SKILL.md7.2 KB
  • TESTING.md8.5 KB

Overview

This skill lets you run SQL queries safely against a database using parameterized statements. It focuses on preventing SQL injection and returning structured results suitable for further processing. The implementation is in Python and designed for integration into automation workflows or chat-based agents. It is lightweight and intended for querying archived or backup datasets securely.

How this skill works

You provide a parameterized SQL statement and a set of parameters; the skill binds parameters to placeholders and executes the statement against the configured database driver. Results are returned as rows with consistent column names, and errors are reported clearly without exposing raw stack traces. Connections are managed to avoid resource leaks and the skill enforces prepared statements to block injection.

When to use it

  • Running read-only queries on archived or backup databases.
  • Embedding database queries inside an automation pipeline or chat agent.
  • Retrieving structured datasets for reporting or transformation.
  • When you need to avoid building raw SQL strings with user input.
  • Quick ad-hoc exploration of database tables without risk of injection.

Best practices

  • Always use parameter placeholders provided by the DB driver rather than string interpolation.
  • Limit the skill's database credentials to least privilege (read-only if possible).
  • Validate and sanitize high-level inputs (e.g., expected columns, row limits) before building queries.
  • Use pagination or LIMIT clauses for large result sets to avoid memory spikes.
  • Log query metadata (timing, row counts) but never log raw parameter values containing secrets.

Example use cases

  • Fetch the latest 100 rows from an archived transactions table for audit review.
  • Return user profile fields by ID using a parameterized SELECT to feed a chat response.
  • Aggregate counts by status for a backup dataset to build a dashboard.
  • Filter logs stored in a historical database by date range provided by an analyst.
  • Power an automation that exports query results to CSV or a BI tool.

FAQ

The skill is designed primarily for safe read/query operations; write support can be added but should be restricted and audited.

How does it prevent SQL injection?

It uses parameterized/prepared statements provided by the database driver so user inputs are bound as parameters instead of injected into SQL text.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
skill-scan skill by openclaw/skills | VeilStrat