clickhouse-io
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Dynamic Execution (LOW): A TypeScript code example for bulk data insertion manually constructs a SQL string using template literals, which is a common pattern that introduces security risks if data is not properly handled.
  - Evidence: The `bulkInsertTrades` function in `SKILL.md` maps input data directly into a SQL string: `'${trade.id}', '${trade.market_id}'`.
  - Impact: This pattern is vulnerable to SQL injection if the input values are not sanitized or if they originate from an untrusted external source.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized data access patterns were detected. The skill correctly demonstrates using environment variables for sensitive database credentials.
- External Dependencies (SAFE): The skill references standard, reputable database client libraries (`clickhouse`, `pg`) which do not pose a security risk in this context.
Audit Metadata