clickhouse-local-development
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill promotes unauthenticated remote code execution via piped shell scripts.
- Evidence: Found in 'AGENTS.md' and 'guides/setup-install.md'.
- Command: 'curl -fsSL https://raw.githubusercontent.com/sdairs/chv/main/install.sh | sh'.
- Risk: This executes arbitrary code from an untrusted source directly in the user shell environment.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and installs software from an untrusted personal repository.
- Source: 'https://github.com/sdairs/chv'.
- Trust Analysis: The account 'sdairs' is not a trusted organization. The claim of 'ClickHouse Inc' authorship in 'SKILL.md' is unverifiable and contradicts the source URL.
- [CREDENTIALS_UNSAFE] (HIGH): The migration instructions encourage users to pass sensitive database passwords as plain-text command-line arguments.
- Evidence: 'guides/migrate-local-to-cloud.md' shows '--password '.
- Risk: Passwords provided as flags are exposed in shell history files and system process lists.
- [PROMPT_INJECTION] (HIGH): Indirect injection surface via SQL and CSV ingestion.
- Attack Surface: The skill processes local files ('clickhouse/tables/*.sql', 'data/seed.csv') and executes them using the 'chv' tool.
- Capability: High-privilege execution against local and remote cloud databases without sanitization or boundary markers.
Recommendations
- AI detected serious security threats
Audit Metadata