Generate secure SQL queries with validation, pagination helpers, risk analysis, and audit-focused safeguards.
数据来源:ClawHub。 在 ClawSkills 查看
选择你使用的 Agent
方法一:命令行安装(推荐)
推荐(无需提前安装 clawhub)
npx clawhub@latest --dir ~/.claude/skills install sql-query-generator或使用 clawhub CLI(需提前安装)
clawhub --dir ~/.claude/skills install sql-query-generator⚠️ 需要 Node.js 18+,没有 Node?请使用下方方法二直接下载 ZIP。 安装 Node.js →
方法二:手动下载安装(无需 Node)
下载 ZIP,解压后将文件夹放到以下路径,重启 Agent 即可:
安装路径
~/.claude/skills/sql-query-generator/💡解压后将文件夹放到上方路径,重启 Agent 即可生效
--- name: sql-query-generator description: Generate secure SQL queries with validation, pagination helpers, risk analysis, and audit-focused safeguards. version: 0.3.0 ---
This skill enables AI agents to generate accurate, optimized SQL queries from natural language descriptions. It supports multiple database systems and follows best practices for query construction, security, and performance.
# Clone or download the repository
git clone https://github.com/yourusername/sql-query-generator.git
cd sql-query-generator
# No external dependencies required for core functionality
python sql_query_generator.py
# Copy sql_query_generator.py to your project
cp sql_query_generator.py /path/to/your/project/
# Import in your code
from sql_query_generator import SQLQueryGenerator, DatabaseType
For AI agents using this skill:
Install only the drivers you need:
# PostgreSQL
pip install psycopg2-binary
# MySQL
pip install mysql-connector-python
# SQL Server
pip install pyodbc
# Oracle
pip install cx_Oracle
# For testing and development
pip install pytest pytest-cov
When generating SQL queries, follow these steps:
- Parse natural language input - Identify required tables - Determine join conditions - Extract filter criteria
```sql -- Example structure SELECT column1, column2, aggregate_function(column3) AS alias FROM table1 JOIN table2 ON table1.id = table2.foreign_id WHERE condition1 = value1 AND condition2 > value2 GROUP BY column1, column2 HAVING aggregate_condition ORDER BY column1 DESC LIMIT 100; ```
- Use parameterized queries - Validate all inputs - Escape special characters
-- Natural language: "Get all users who registered after January 1, 2024"
SELECT
id,
username,
email,
registration_date
FROM
users
WHERE
registration_date > $1 -- Parameterized
ORDER BY
registration_date DESC;
-- Natural language: "Show total orders by customer in 2024"
SELECT
c.customer_name,
c.email,
COUNT(o.order_id) AS total_orders,
SUM(o.total_amount) AS total_spent
FROM
customers c
INNER JOIN
orders o ON c.customer_id = o.customer_id
WHERE
EXTRACT(YEAR FROM o.order_date) = $1
GROUP BY
c.customer_id,
c.customer_name,
c.email
HAVING
COUNT(o.order_id) > 5
ORDER BY
total_spent DESC;
-- Natural language: "Find products with above-average prices"
SELECT
product_name,
price,
category
FROM
products
WHERE
price > (
SELECT AVG(price)
FROM products
)
ORDER BY
price DESC;
-- Natural language: "Get top 3 products per category by sales"
WITH product_sales AS (
SELECT
p.product_id,
p.product_name,
p.category_id,
c.category_name,
SUM(oi.quantity * oi.unit_price) AS total_sales,
ROW_NUMBER() OVER (
PARTITION BY p.category_id
ORDER BY SUM(oi.quantity * oi.unit_price) DESC
) AS rank_in_category
FROM
products p
JOIN
order_items oi ON p.product_id = oi.product_id
JOIN
categories c ON p.category_id = c.category_id
GROUP BY
p.product_id,
p.product_name,
p.category_id,
c.category_name
)
SELECT
category_name,
product_name,
total_sales,
rank_in_category
FROM
product_sales
WHERE
rank_in_category <= 3
ORDER BY
category_name,
rank_in_category;
-- Natural language: "Show running total of sales per day"
SELECT
sale_date,
daily_total,
SUM(daily_total) OVER (
ORDER BY sale_date
ROWS BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW
) AS running_total,
AVG(daily_total) OVER (
ORDER BY sale_date
ROWS BETWEEN 6 PRECEDING AND CURRENT ROW
) AS moving_average_7days
FROM (
SELECT
DATE(order_date) AS sale_date,
SUM(total_amount) AS daily_total
FROM
orders
GROUP BY
DATE(order_date)
) daily_sales
ORDER BY
sale_date;
THESE RULES ARE NON-NEGOTIABLE AND MUST ALWAYS BE FOLLOWED:
```python # WRONG - CRITICAL SECURITY VULNERABILITY query = f"SELECT * FROM users WHERE username = '{user_input}'"
# CORRECT - Always use parameters query = "SELECT * FROM users WHERE username = %s" cursor.execute(query, (user_input,)) ```
- Even seemingly "safe" values like numbers - Even values from "trusted" sources - Even internal application values - NO EXCEPTIONS
```python # Whitelist validation VALID_STATUSES = ['active', 'inactive', 'pending'] if status not in VALID_STATUSES: raise ValueError("Invalid status")
# Type validation if not isinstance(user_id, int): raise TypeError("user_id must be integer")
# Length validation if len(username) > 50: raise ValueError("username too long") ```
```python from psycopg2 import sql
# For table/column names that must be dynamic query = sql.SQL("SELECT * FROM {} WHERE id = %s").format( sql.Identifier(table_name) ) cursor.execute(query, (user_id,)) ```
import re
from typing import Any, List, Optional
...安装 SQL Query Generator 后,可以对 AI 说这些话来触发它
Help me get started with SQL Query Generator
Explains what SQL Query Generator does, walks through the setup, and runs a quick demo based on your current project
Use SQL Query Generator to generate secure SQL queries with validation, pagination helpers, ri...
Invokes SQL Query Generator with the right parameters and returns the result directly in the conversation
What can I do with SQL Query Generator in my data & analytics workflow?
Lists the top use cases for SQL Query Generator, with example commands for each scenario
将技能文件夹放到 ~/.claude/skills/sql-query-generator/ 目录(个人级,所有项目可用),或 .claude/skills/sql-query-generator/(项目级)。重启 AI 客户端后,用 /sql-query-generator 主动调用,或让 AI 根据上下文自动发现并使用。
SQL Query Generator 支持 Claude、Cursor、OpenClaw,可与这些 AI 平台无缝集成,扩展其能力。
SQL Query Generator 可免费安装使用。请查阅仓库了解许可证信息。
Generate secure SQL queries with validation, pagination helpers, risk analysis, and audit-focused safeguards.
SQL Query Generator 属于「Data & Analytics」分类,该分类的技能帮助 AI 智能体在此领域执行专业任务。
Automate my data & analytics tasks using SQL Query Generator
Identifies repetitive steps in your workflow and sets up SQL Query Generator to handle them automatically