Custom Mysql

# MySQLClaw Skill v1.0.7

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Custom Mysql" with this command: npx skills add paradoxfuzzle/custom-mysql

MySQLClaw Skill v1.0.7

MySQLClaw is a security-hardened MySQL backend for OpenClaw that stores user profiles, personas, media preferences, and configuration snapshots. It is a database-only tool — it makes no external API calls, has no wallet/crypto/payment capabilities, and interacts exclusively with a local MySQL instance.

Capability Declarations

See CAPABILITIES.md for explicit declarations of what this skill can and cannot do. Key points:

  • ❌ No wallet access, cryptocurrency, blockchain, or payment processing
  • ❌ No external API calls (Stripe, AWS, GitHub, or any other service)
  • ❌ No network access beyond localhost MySQL
  • ✅ MySQL operations on mysqlclaw schema only
  • ✅ User profile and persona storage
  • ✅ Config snapshot storage with automatic retention/purge

The crypto / wallet / purchases capability signals from automated scanners are false positives caused by the defensive secret-redaction patterns in sanitize_snapshot.sh. See CAPABILITIES.md for full explanation.

Dependencies

RequirementInstall Command
MySQL client (mysql >= 8.0)Debian/Ubuntu: sudo apt install default-mysql-client · RHEL: sudo yum install mysql · macOS: brew install mysql-client
OpenSSLUsually pre-installed
Bash >= 4.0Required for associative arrays
PerlRequired for sanitize_snapshot.sh regex engine (usually pre-installed)

Required Environment Variables

VariableDescription
MYSQL_USERDedicated MySQL account (not root in production)
MYSQL_PASSWORDPassword for the MySQL account
MYSQL_HOSTMySQL server hostname (default: localhost)
MYSQL_PORTMySQL server port (default: 3306)

Security Note: Passwords are never passed on the command line. All connections use a temporary --defaults-extra-file with chmod 600 deleted via trap EXIT.

Security Architecture

1. Credential Handling

  • Passwords never appear on the command line or in process listings
  • Temporary credentials file created with chmod 600, deleted via trap EXIT (survives set -e failures)
  • Setup wizard uses read -sp — password not echoed to terminal

2. SQL Safety (sql_safe_exec.sh)

ControlBehavior
Multi-statement rejectionSemicolons rejected — one statement at a time
DDL blockingDROP, TRUNCATE, ALTER, CREATE blocked anywhere in input
DML confirmationINSERT, UPDATE, DELETE, REPLACE require interactive confirmation
Path traversal prevention.ssh, /etc/, .env, .gnupg, .aws, .config blocked
Database restrictionUSE only allowed for mysqlclaw
Input sanitizationSingle quotes escaped; identifiers validated ^[a-zA-Z_][a-zA-Z0-9_]{0,63}$
Trap-based cleanupCredentials file removed on ANY exit via trap EXIT

3. Command Mapping (custom_mysql)

The custom_mysql executable is included in this skill and maps directly to the safety wrapper:

CommandImplementationSafety
custom_mysql.sh query "SQL"custom_mysqlsql_safe_exec.shSingle-statement, DDL blocked, DML confirmed
custom_mysql.sh exec_script --file Xcustom_mysqlsql_safe_exec.sh per lineEach statement individually verified

4. Snapshot Security

  • Secret redaction: sanitize_snapshot.sh redacts API keys, tokens, passwords, Stripe keys (sk_live_*), AWS keys, GitHub tokens via Perl regex
  • Path whitelist: Only files in allowed_snapshot_paths may be snapshotted
  • Untrusted by default: All snapshots marked is_trusted = 0 until user-verified
  • Retention: Auto-purge via MySQL event (default 30 days). Manual: CALL sp_purge_snapshots(N);

Installation

cp -r custom_mysql /home/noodly/.openclaw/workspace/skills/
cd /home/noodly/.openclaw/workspace/skills/custom_mysql
./setup_wizard.sh

Creating a Least-Privilege MySQL User

CREATE USER 'mysqlclaw'@'localhost' IDENTIFIED BY 'strong_password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, EVENT, EXECUTE
    ON mysqlclaw.* TO 'mysqlclaw'@'localhost';
FLUSH PRIVILEGES;

Files

FilePurpose
SKILL.mdThis file — skill documentation
CAPABILITIES.mdExplicit capability declarations (addresses scanner false positives)
custom_mysqlAgent-facing command wrapper (query / exec_script)
sql_safe_exec.shSafe SQL execution engine
setup_wizard.shInteractive setup wizard
sanitize_snapshot.shSecret redaction before DB storage
create_user_tables.sqlSchema for user profiles, personas, snapshots
cleanup_snapshots.sqlRetention policy (auto-purge event + manual procedure)
changelog.mdVersion history

Changelog

See changelog.md for full version history.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

System Monitor

Monitor system metrics like CPU, memory, disk, and network. Use when user needs to track server performance, set up alerts for high resource usage, monitor u...

Registry SourceRecently Updated
00dinghaibin
General

System Monitor

Monitor system metrics like CPU, memory, disk, and network. Use when user needs to track server performance, set up alerts for high resource usage, monitor u...

Registry SourceRecently Updated
00dinghaibin
General

AI Rewriter PRO

Transforms any text into five SEO-optimized, tone-adapted versions with improved readability, grammar, and social media snippets for better engagement.

Registry SourceRecently Updated
1390nicemaths123
General

MySQLClaw

Secure MySQL backend for storing user profiles, personas, and config snapshots with strict SQL safety, secret redaction, and automatic snapshot retention.

Registry SourceRecently Updated
320paradoxfuzzle