Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/clickhouse-security-basics/Snyk

clickhouse-security-basics

Fail

Audited by Snyk on Mar 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains explicit SQL examples that embed plaintext passwords (e.g., IDENTIFIED ... BY '...') and thus would require the agent to produce or insert secret values verbatim into commands, which is high-risk secret handling.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs editing ClickHouse server config and certificate files (e.g., /etc/clickhouse-server/config.xml, server.key) and changing server network/TLS settings — actions that modify system files and require elevated privileges, thus altering the host state.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 30, 2026, 02:42 PM
Issues
2