clickhouse-pydantic-config
Audited by Socket on Feb 28, 2026
1 alert found:
Obfuscated File
Functionally this skill does what it claims: map env-configured ClickHouse connection data into a DBeaver data-sources.json using a Pydantic model. The primary security issue is credential handling: cloud mode writes plaintext credentials into a local JSON file, increasing the chance of accidental exposure (git commits, CI artifacts, backups). There is also a transitive trust risk from the companion credential-retrieval skill. No evidence of intentional malicious code, network exfiltration, or obfuscation is present in the provided materials.
Recommended actions: enforce .dbeaver/ in .gitignore (and verify before generating), restrict generated-file permissions, prefer OS keyrings or DBeaver native credential storage over writing plaintext, avoid generating credentials in CI, and audit/pin any external skills that retrieve secrets.