clickhouse-managed-postgres-rca
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates exclusively with official ClickHouse domains (api.clickhouse.cloud, clickhouse.com) for fetching diagnostics and OpenAPI specifications.
- [SAFE]: Implements a robust 'recommend-only' policy that explicitly forbids executing DDL (e.g., CREATE INDEX) or terminating queries, keeping a human in the loop for all changes.
- [SAFE]: Utilizes local environment variables (CH_CLOUD_KEY, CH_CLOUD_SECRET) for authentication as per standard security practices, avoiding hardcoded credentials.
- [SAFE]: Includes an automated discovery step to resolve API field names dynamically from the OpenAPI specification, reducing the risk of hardcoding potentially stale or incorrect field names.
- [SAFE]: Employs local file caching in /tmp for the OpenAPI specification with a 24-hour TTL to optimize performance without compromising security.
Audit Metadata