database-connect
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner] Backtick command substitution detected

The code fragment presents a coherent but complex multi-database management tool leveraging MCP and native clients with read-only safeguards. While not inherently malicious, credential handling, caching, and a broad, multi-language footprint raise moderate security concerns. Recommend tightening secret management, enforcing least privilege, and consolidating security controls across phases to reduce misconfiguration risk.

LLM verification: The skill is functionally consistent with its stated purpose and contains mostly benign, readable code for database discovery, inspection, and safe querying. There are no hardcoded secrets, obfuscated payloads, or explicit exfiltration calls in the provided files. However several operational supply-chain and data-flow concerns exist: it reads credential-containing files (.env and $HOME/.claude/config.json), caches connection details/schema to local files (potentially persisting secrets), and ref