Injection Scanning

Sqlmap

by bytesagain

Detect SQL injection vulnerabilities and assess DB security. Use when checking queries, validating sanitization, generating tests, formatting reports.

3.8k · Data & Storage · Not scanned · March 23, 2026

Install

claude skill add --url github.com/openclaw/skills/tree/main/skills/bytesagain/sql-scanner

Documentation

SQL Scanner

SQL security scanner and database devtools toolkit: a command-line logbook for recording query checks, syntax validation, generated test cases, formatted queries, lint findings, execution-plan notes and more, with every entry timestamped and kept in local log files.

Commands

Run sql-scanner <command> [args]. Each core command appends a timestamped entry to its own log file, and every command also appends a line to the unified history.log.

Core Operations

Command            Description
check <input>      Check a SQL query for security issues or correctness
validate <input>   Validate SQL syntax or sanitization rules
generate <input>   Generate SQL test cases, mock queries, or schemas
format <input>     Format and pretty-print a SQL query
lint <input>       Lint SQL code for style and best-practice violations
explain <input>    Record an execution plan analysis or query explanation
convert <input>    Convert between SQL dialects or formats
template <input>   Log or retrieve SQL templates for common patterns
diff <input>       Record differences between two SQL versions or schemas
preview <input>    Preview a query transformation before applying
fix <input>        Log a fix applied to a problematic query
report <input>     Record a scan report or audit finding

Utility Commands

Command         Description
stats           Show summary statistics across all log files (entry counts, disk usage)
export <fmt>    Export all data in a given format: json, csv, or txt
search <term>   Search across all log files for a keyword (case-insensitive)
recent          Display the last 20 lines from the activity history log
status          Health check: version, data dir, entry count, disk usage
help            Show the full command reference
version         Print current version (v2.0.0)

Note: Each core command works in two modes. Called with no arguments it prints the last 20 entries from its own log; called with input it records that input as a new timestamped entry. In other words, the core commands are record-keeping commands: the text you pass is what gets stored, so a check entry documents a review you performed and its outcome, not an analysis the tool ran on the query. Keep that in mind before citing these logs as scan evidence in a report.

Data Storage

All data is stored locally in plain-text log files:

```text
~/.local/share/sql-scanner/
├── check.log          # Security check records
├── validate.log       # Validation results
├── generate.log       # Generated test cases
├── format.log         # Formatted queries
├── lint.log           # Lint findings
├── explain.log        # Execution plan notes
├── convert.log        # Dialect conversions
├── template.log       # SQL templates
├── diff.log           # Schema/query diffs
├── preview.log        # Preview entries
├── fix.log            # Applied fixes
├── report.log         # Audit reports
└── history.log        # Unified activity log (all commands)
```

Each entry is stored as YYYY-MM-DD HH:MM|<input> (pipe-delimited). The history.log file receives a line for every command executed, providing a single timeline of all activity. Two things to keep in mind when post-processing these files: the delimiter also occurs inside SQL (the || string-concatenation operator, or a literal pipe in a string), so split each line on the first pipe only rather than on every pipe; and the logs are plain text under your home directory, so any real credentials, hostnames or production data pasted into a query are stored in the clear.
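As an added example that is not part of the sql-scanner skill, the shell functions below write and read entries in the format just described, honoring SQL_SCANNER_DIR as the Configuration section documents. The function names (scanner_dir, log_entry, entry_inputs, search_inputs) and the sample entries are this example's own, not commands or data of the tool.

```bash
#!/usr/bin/env bash
# Added example, not part of the sql-scanner skill: a minimal writer/reader for
# the documented log format "YYYY-MM-DD HH:MM|<input>", one entry per line, in
# files under SQL_SCANNER_DIR (default ~/.local/share/sql-scanner). The function
# names are this example's own, not tool commands.
set -eu

# Data directory, resolved the way the Configuration section describes.
scanner_dir() {
  printf '%s\n' "${SQL_SCANNER_DIR:-$HOME/.local/share/sql-scanner}"
}

# Append one entry to <log>.log in the documented format. Newlines in the
# input are folded to spaces so an entry never spans more than one line.
log_entry() {
  local log="$1" input="$2" dir
  dir="$(scanner_dir)"
  mkdir -p "$dir"
  input="$(printf '%s' "$input" | tr '\n' ' ')"
  printf '%s|%s\n' "$(date '+%Y-%m-%d %H:%M')" "$input" >> "$dir/$log.log"
}

# Print the <input> field of every entry in <log>.log. The timestamp never
# contains a pipe, so stripping everything up to the FIRST pipe is safe;
# cutting on every pipe (cut -d'|' -f2) would truncate SQL that uses "||".
entry_inputs() {
  sed 's/^[^|]*|//' "$(scanner_dir)/$1.log"
}

# Case-insensitive search across all logs, printing only the stored input.
search_inputs() {
  grep -ih -- "$1" "$(scanner_dir)"/*.log | sed 's/^[^|]*|//'
}

# Demo on constructed entries in a throwaway directory, so nothing under
# ~/.local is touched. The query is a made-up sample, not a real finding.
SQL_SCANNER_DIR="$(mktemp -d)"
export SQL_SCANNER_DIR
log_entry check "SELECT name || ' <' || email || '>' FROM users WHERE id = '\$input'"
log_entry fix "parameterized the users lookup"
entry_inputs check      # prints the full query, || operators intact
search_inputs users     # prints both entries
```

The sed expression is the whole point: a naive cut -d'|' -f2 on the first entry above returns "SELECT name " and silently drops the rest of the query, which is exactly the kind of truncated evidence you do not want in an audit export.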

Requirements

  • Bash 4.0+ (uses set -euo pipefail)
  • Standard Unix utilities: date, wc, du, tail, grep, sed, cat, basename
  • No external dependencies — pure bash, works on any Linux or macOS system

When to Use

  1. SQL code review — use check and lint to record findings when reviewing queries for injection risks or style issues
  2. Query formatting — use format to log prettified versions of messy SQL before sharing with the team
  3. Schema migrations — use diff and convert to track changes when migrating between database dialects
  4. Security auditing — use report and validate to document SQL injection scan results and sanitization checks
  5. Test case generation — use generate and template to build and catalog reusable SQL test patterns

Examples

```bash
# Check a query for SQL injection risks. Escape the $ so the shell stores the
# literal placeholder; with an unescaped "$input" inside double quotes, bash
# would expand the (usually empty) variable and log "... id = ''" instead.
sql-scanner check "SELECT * FROM users WHERE id = '\$input'"

# Lint a query for style issues
sql-scanner lint "select name,age from users where age>18"

# Format a messy query
sql-scanner format "SELECT a.id, b.name FROM table_a a JOIN table_b b ON a.id=b.aid WHERE a.status=1"

# Generate a test case
sql-scanner generate "INSERT injection test for login form"

# Log a schema diff
sql-scanner diff "users table: added column 'email_verified' BOOLEAN DEFAULT FALSE"

# Export all scan data to JSON
sql-scanner export json

# Search for all entries mentioning 'injection'
sql-scanner search injection

# View overall statistics
sql-scanner stats
```

Configuration

Set the SQL_SCANNER_DIR environment variable to change the data directory:

```bash
export SQL_SCANNER_DIR="/custom/path/to/data"
```

Default: ~/.local/share/sql-scanner/


Powered by BytesAgain | bytesagain.com | hello@bytesagain.com

Related Skills

Database Modeling

by alirezarezvani

Universal · Popular

Turns requirements into relational table schemas and generates migration scripts, TypeScript/Python types, seed data, RLS policies and index plans; suited to multi-tenant, audit-trail and soft-delete backend modeling and schema review.

Brings database schema design, ER diagramming and SQL modeling together in one place, so even complex business domains get a consistent data model with less rework.

Data & Storage · Not scanned · 9.6k

Senior Data Scientist

by alirezarezvani

Universal · Popular

Covers experiment design, feature engineering, predictive modeling, causal inference and model evaluation; suited to A/B testing, time-series analysis and production-grade ML in Python/R/SQL, in support of data-driven decisions.

Handles everything from A/B testing and causal analysis to predictive modeling, combining rigorous statistical methods with business communication, so data findings actually get put into practice.

Data & Storage · Not scanned · 9.6k

Database Design

by alirezarezvani

Universal · Popular

Focuses on database schema design and evolution: automatically checks normalization, data types, constraints and indexing, generates ERDs, and provides actionable plans for zero-downtime migrations, data changes and rollbacks.

Focused on database design and data modeling, it helps you quickly sort out table structures and relationships, reducing later rework and making the SQL easier to land.

Data & Storage · Not scanned · 9.6k

Related MCP Servers

PostgreSQL

by Anthropic

Popular

PostgreSQL is an MCP server that lets Claude query and manage your database directly.

This server removes the need for developers to hand-write SQL queries and suits data analysts or backend developers who want to explore a database's structure quickly. Because it is a reference implementation, evaluate the security risks before any production use, and do not expect it to handle complex transactions.

Data & Storage · 83.0k

SQLite Database

Editor's Pick

by Anthropic

Popular

SQLite is an MCP server that lets an AI query a local database directly for data analysis.

This server gives an AI direct access to SQLite databases and suits developers who need to analyze local datasets quickly. As a reference implementation it may lack production-grade security features; use it in a controlled environment.

Data & Storage · 83.0k

Firecrawl

by Firecrawl

Popular

Firecrawl is an MCP server that lets an AI fetch web pages and extract structured data directly.

It removes the hassle of writing scrapers by hand and lets Claude access dynamic web content directly. It suits researchers or developers who need real-time data, for example monitoring competitor prices or scraping news. Note that it depends on a third-party API, which may raise privacy and cost concerns.

Data & Storage · 6.0k
