
ai-sql-check skill

/skills/lxgicstudios/ai-sql-check

This skill analyzes SQL queries to identify performance bottlenecks and security risks, offering actionable tips and suggestions.

npx playbooks add skill openclaw/skills --skill ai-sql-check

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: sql-check
description: Analyze SQL queries for performance and security issues
---

# SQL Checker

Paste your SQL, get performance tips and security warnings. Catches N+1s and injection risks.

## Quick Start

```bash
npx ai-sql-check "SELECT * FROM users WHERE name LIKE '%john%'"
```

## What It Does

- Identifies performance issues
- Flags SQL injection risks
- Suggests missing indexes
- Warns about N+1 queries

## Usage Examples

```bash
# Check a query
npx ai-sql-check "SELECT * FROM orders WHERE status = 'pending'"

# Check from file
npx ai-sql-check --file ./queries/report.sql

# With schema for better analysis
npx ai-sql-check --file query.sql --schema ./schema.sql
```

## Issues It Catches

- SELECT * anti-pattern
- Missing WHERE clause
- Unindexed columns in WHERE
- LIKE with leading wildcard
- Cartesian joins
- SQL injection patterns

## Output Example

```
⚠️ Performance Issues:
- SELECT * returns unnecessary columns
- LIKE '%john%' can't use index

🔒 Security Issues:
- None detected

💡 Suggestions:
- Add index on users(name)
- Select only needed columns
```

## Requirements

Node.js 18+. OPENAI_API_KEY required.

## License

MIT. Free forever.

---

**Built by LXGIC Studios**

- GitHub: [github.com/lxgicstudios/ai-sql-check](https://github.com/lxgicstudios/ai-sql-check)
- Twitter: [@lxgicstudios](https://x.com/lxgicstudios)

Overview

This skill analyzes SQL queries for performance and security issues and returns actionable feedback. It flags common anti-patterns, suggests indexes, and detects potential SQL injection risks and N+1 query patterns. Results are concise and geared toward quick fixes developers can apply.

How this skill works

You supply a single query or a file containing SQL, optionally with a schema for deeper analysis. The tool parses statements, scans for patterns like SELECT * or leading-wildcard LIKE, and checks WHERE clauses for unindexed columns. It then returns categorized findings: performance issues, security warnings, and concrete suggestions such as index additions or column selection changes.

When to use it

  • Review new or legacy queries before deploying to production
  • Audit query performance hotspots during code reviews
  • Detect injection risks in dynamically generated SQL
  • Analyze reporting queries that scan large tables
  • Validate queries when adding new WHERE filters or joins

Best practices

  • Avoid SELECT *; list only required columns
  • Provide schema information for more accurate index suggestions
  • Add indexes for frequently filtered or joined columns
  • Replace leading-wildcard LIKE patterns with full-text search or trigram indexes
  • Inspect join logic to prevent accidental Cartesian products

Example use cases

  • Check a single query: detect SELECT * and recommend specific columns
  • Scan a file of reporting queries to find missing WHERE clauses
  • Provide suggestions for adding indexes based on WHERE and JOIN usage
  • Detect potential SQL injection patterns in concatenated queries
  • Identify N+1 query risks in query sets generated by ORMs

FAQ

Can it analyze multiple queries in one file?

Yes, you can pass a file containing many queries and it will inspect each statement.

Does it require database access to recommend indexes?

No, it analyzes query structure and optional schema files; live statistics are not required but improve accuracy.

How are SQL injection risks detected?

It looks for unsafe patterns like string concatenation, unescaped inputs, and obvious templating pitfalls and flags them for review.
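
The pattern scanning described under "How this skill works" and in the injection answer above, as an added sketch in JavaScript. It is not ai-sql-check's own code: the rule ids, function names and sample lines are assumptions made for illustration, and regex heuristics like these only flag candidates for review rather than parse SQL.

```javascript
// Added illustration: regex heuristics, not ai-sql-check's implementation.
// Rule ids and function names are hypothetical.

// Rules applied to one SQL statement (issues the page lists).
const SQL_RULES = [
  ['select-star', s => /\bselect\s+\*/i.test(s)],
  ['leading-wildcard-like', s => /\blike\s+'%/i.test(s)],
  ['missing-where', s => /^\s*(?:select|update|delete)\b/i.test(s) && !/\bwhere\b/i.test(s)],
];

// Rules applied to application source lines that build SQL text.
const SOURCE_RULES = [
  // A quoted literal containing a SQL verb, closed and followed by "+".
  ['sql-concatenation',
    /(["'])(?:(?!\1).)*\b(?:select|insert|update|delete)\b(?:(?!\1).)*\1\s*\+/i],
  // A template literal containing a SQL verb and a ${...} interpolation.
  ['sql-template-interpolation',
    /`[^`]*\b(?:select|insert|update|delete)\b[^`]*\$\{/i],
];

function checkStatement(sql) {
  return SQL_RULES.filter(([, hit]) => hit(sql)).map(([id]) => id);
}

function checkSource(line) {
  return SOURCE_RULES.filter(([, re]) => re.test(line)).map(([id]) => id);
}

// Naive multi-statement split: does not handle ";" inside string literals.
function checkFile(text) {
  return text.split(';').map(s => s.trim()).filter(Boolean)
    .map(sql => ({ sql, findings: checkStatement(sql) }));
}

// Constructed sample lines of application code (not from the page).
const SAMPLES = {
  concat: 'const q = "SELECT id FROM users WHERE name = \'" + name + "\'";',
  template: "const q = `SELECT id FROM orders WHERE status = '${status}'`;",
  bound: "db.query('SELECT id FROM users WHERE name = $1', [name]);",
};

// The Quick Start query from the page, then each constructed source line.
console.log(checkStatement("SELECT * FROM users WHERE name LIKE '%john%'"));
for (const [name, line] of Object.entries(SAMPLES)) {
  console.log(name, checkSource(line));
}
```

The bound-parameter sample produces no finding because the SQL text is a constant literal and the value travels separately, which is the form the two flagged lines should be rewritten into.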