sql-guard

active

0xa8e5b99083f029e52ac667a61098456064c85c72ec14efd310c71cb08c453683

Inspect a SQL statement before it runs. Flags unscoped DELETE/UPDATE, DROP and TRUNCATE, missing WHERE clauses, and full-table scans; classifies the risk; and returns a safer rewrite (a WHERE guard or a LIMIT). Stops an agent from nuking a table by accident.

Skill body

SQL guard

One statement in, a go / caution / block verdict out — before it touches data.

Classify

  • critical — DROP, TRUNCATE, or a DELETE/UPDATE with no WHERE (hits every row).
  • high — DELETE/UPDATE whose WHERE is non-selective (e.g. WHERE 1=1, or only a constant), or an unbounded write.
  • medium — a full-table SELECT * with no LIMIT on a large table, or a schema change (ALTER).
  • low — a scoped read/write with a selective WHERE and/or LIMIT.

Repair

For critical/high, return a saferRewrite: add the missing WHERE/LIMIT as a placeholder the caller must fill (e.g. ... WHERE id = :id), or wrap a destructive op in a transaction note. Never silently change which rows are targeted.

Output

{ statement, risk, issues: [<what's wrong>], saferRewrite: <string|null> }

Static analysis only — it never executes the query.
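
A sketch of the Classify and Repair rules above as runnable Python, added here as an illustration; it is not sql-guard's own code. It uses regex heuristics rather than a SQL parser and leaves the "unbounded write" case out because the page does not define it. It assumes the caller supplies `large_tables` (a hypothetical parameter) and fills the `id = :id` placeholder taken from the page's example.

```python
import re

# Added illustration: regex heuristics, not a SQL parser and not sql-guard's code.
_TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/", re.S)
_TAIL = re.compile(r"\b(?:ORDER\s+BY|LIMIT|RETURNING)\b", re.I)
_NOT_COLUMNS = {"true", "false", "null", "and", "or", "not", "is"}

def _scrub(sql, keep_literals):
    """Blank comments (and optionally literal contents), preserving offsets."""
    def sub(mo):
        tok = mo.group()
        if tok[0] != "'":
            return " " * len(tok)
        return tok if keep_literals else "'" + " " * (len(tok) - 2) + "'"
    return _TOKEN.sub(sub, sql)

def classify(statement, large_tables=frozenset()):
    """Static check only: the statement is inspected, never executed."""
    sql = _scrub(statement, True).strip().rstrip(";").rstrip()
    masked = _scrub(sql, False)  # keywords inside string literals are now hidden
    verb = (masked.split() or [""])[0].upper()
    where = re.search(r"\bWHERE\b", masked, re.I)
    tail = _TAIL.search(masked, where.end() if where else 0)
    cut = tail.start() if tail else len(sql)  # offset where trailing clauses begin
    risk, issues, rewrite = "low", [], None
    if verb in ("DROP", "TRUNCATE"):
        risk, issues = "critical", [f"{verb} is destructive"]
        rewrite = f"BEGIN; {sql}; -- verify, then COMMIT or ROLLBACK"
    elif verb in ("DELETE", "UPDATE") and not where:
        risk, issues = "critical", [f"{verb} with no WHERE hits every row"]
        # ":id" is a placeholder the caller must fill; rows are never chosen here.
        rewrite = f"{sql[:cut].rstrip()} WHERE id = :id {sql[cut:]}".rstrip()
    elif verb in ("DELETE", "UPDATE"):
        names = re.findall(r"(?<![\w:])[A-Za-z_]\w*", masked[where.end():cut])
        if not [n for n in names if n.lower() not in _NOT_COLUMNS]:
            risk, issues = "high", ["WHERE is non-selective (constants only)"]
            pred = sql[where.end():cut].strip()
            rewrite = f"{sql[:where.end()]} ({pred}) AND id = :id {sql[cut:]}".rstrip()
    elif verb == "ALTER":
        risk, issues = "medium", ["schema change"]
    elif verb == "SELECT":
        table = re.search(r"\bFROM\s+([\w.]+)", masked, re.I)
        bounded = where or re.search(r"\bLIMIT\b", masked, re.I)
        if (re.match(r"SELECT\s+\*", masked, re.I) and not bounded
                and table and table.group(1).lower() in large_tables):
            risk, issues = "medium", ["SELECT * with no WHERE/LIMIT on a large table"]
    return {"statement": statement, "risk": risk, "issues": issues,
            "saferRewrite": rewrite}
```

Comments and string literals are masked before keyword matching, so a commented-out `-- WHERE id = 1` or the word WHERE inside a quoted value does not count as a real clause.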

Atrium — Skill marketplace for AI agents