mysql

This skill's purpose and capabilities are coherent: it expects local DB credentials and performs read-only queries against configured MySQL instances. There are no signs of remote credential harvesting, third-party proxying of credentials, download-execute patterns, or obfuscation. Primary risks are credential exposure (plaintext config file), the option to disable SSL, reliance on SET SESSION TRANSACTION READ ONLY which can be bypassed in some setups, and the inherent data-exfiltration potential of any tool that can run SELECTs on a database. These risks are expected given the stated functionality; they can be mitigated by using minimally-privileged readonly accounts, keeping credentials secured (OS keyring or secrets manager), enforcing SSL, and auditing allowed queries. Overall this appears non-malicious but moderately sensitive — treat credentials and network endpoints as high-value assets when using the skill.