🗄️数据库 MCP（PostgreSQL / MySQL / Redis）

数据库横向移动与跨库攻击。当已获取一个数据库权限（PostgreSQL/MySQL/MSSQL）需要横向到其他数据库或内网服务时使用。覆盖 PostgreSQL dblink 跨库连接、MSSQL Linked Server 横向、MySQL 联邦引擎跨库、数据库→SSRF→内网探测。当目标网络隔离但数据库可通信时（数据库通常有比应用服务器更宽松的网络策略），这是突破隔离的关键路径。发现任何数据库间通信需求、内网数据库横向、跨库查询场景都应使用此技能

当用户提出数据查询需求（如'查数'、'查一下订单量'、'有多少用户'、'帮我跑个SQL'等），使用数据源工具发现表结构，生成并执行只读 SQL 查询。

Используй только внутри активного Codex Project Autopilot-проекта, когда data-layer уже относится к плану автопилота.

Design a PostgreSQL-specific schema. Covers best-practices, data types, indexing, constraints, performance patterns, and advanced features

Build or review Bun fullstack TypeScript code with Drizzle-backed SQL. Use for backend or cross-layer changes touching API/domain logic, schema or query design, migrations, runtime/type debugging, and boundary validation between contracts, business rules, and persistence.

Backend API design, database architecture, microservices patterns, and test-driven development. Use for designing APIs, database schemas, or backend system architecture.

Database schema design, optimization, and migration patterns for PostgreSQL, MySQL, and NoSQL databases. Use for designing schemas, writing migrations, or optimizing queries.

Timeplus streaming SQL covering stream types, EMIT policies, window functions, JOINs, materialized views, external streams, and UDFs. Make sure to use this skill for any SQL-related question including writing queries, debugging SQL errors, understanding streaming behavior, or designing stream processing pipelines, even if the user doesn't explicitly mention streaming SQL.

Testing strategy for Supabase Studio. Use when writing tests, deciding what type of test to write, extracting logic from components into testable utility functions, or reviewing test coverage. Covers unit tests, component tests, and E2E test selection criteria.

Help write, debug, and explore SQLite database queries using Kysely. Use when writing repository code, exploring data, debugging query issues, or understanding the database schema.

Build APIs, database schemas, and server-side logic with Supabase. Use after frontend is built.

Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.

Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.

后端架构模式、API设计、数据库优化以及适用于Node.js、Express和Next.js API路由的服务器端最佳实践。

Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.

AI-powered codebase security scanner that reasons about code like a security researcher — tracing data flows, understanding component interactions, and catching vulnerabilities that pattern-matching tools miss. Use this skill when asked to scan code for security vulnerabilities, find bugs, check for SQL injection, XSS, command injection, exposed API keys, hardcoded secrets, insecure dependencies, access control issues, or any request like "is my code secure?", "review for security issues", "audit this codebase", or "check for vulnerabilities". Covers injection flaws, authentication and access control bugs, secrets exposure, weak cryptography, insecure dependencies, and business logic issues across JavaScript, TypeScript, Python, Java, PHP, Go, Ruby, and Rust.

Execute comprehensive SQL injection vulnerability assessments on web applications to identify database security flaws, demonstrate exploitation techniques, and validate input sanitization mechanisms.

Build and verify real-Postgres Go tests and thin transport smoke for tracking behavior.

Generate SQL queries from natural language descriptions

Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate). Use when planning or implementing database schema changes.

Comprehensive database administration, schema management, data operations, and optimization. Use when Codex needs to: (1) Create or modify database tables with proper indexing, (2) Perform bulk data insertions with type safety and constraint handling, (3) Execute complex queries with JOINs, aggregations, and subqueries, (4) Optimize query performance through indexing and execution plan analysis, (5) Manage database backups, restores, and migrations, (6) Handle special data types (BIGINT, UUID, JSONB, enums), (7) Implement transactional safety with ACID compliance, or (8) Debug and resolve database errors including constraint violations, type mismatches, and foreign key issues

Translate SQL queries between database dialects (Snowflake, BigQuery, PostgreSQL, MySQL, etc.)

Full pipeline for DB design. An agent team collaborates to perform data modeling, migration, indexing, query optimization, and security verification. Use this skill for any database design task including 'design a database', 'database modeling', 'table design', 'ERD', 'migration', 'query optimization', 'index design', 'SQL schema', 'PostgreSQL design', 'MySQL design', etc. Also supports optimization and security auditing for existing schemas. Note: actual DB server installation/operation, cloud infrastructure provisioning, and monitoring dashboard setup are outside the scope of this skill.

DB 설계 풀 파이프라인. 데이터 모델링→마이그레이션→인덱싱→쿼리 최적화→보안 검증을 에이전트 팀이 협업하여 수행한다. 'DB 설계해줘', '데이터베이스 모델링', '테이블 설계', 'ERD', '마이그레이션', '쿼리 최적화', '인덱스 설계', 'SQL 스키마', 'PostgreSQL 설계', 'MySQL 설계' 등 DB 설계 전반에 이 스킬을 사용한다. 기존 스키마가 있는 경우에도 최적화나 보안 감사를 지원한다. 단, 실제 DB 서버 설치/운영, 클라우드 인프라 프로비저닝, 모니터링 대시보드 구축은 이 스킬의 범위가 아니다.

Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Kysely, Django, TypeORM, golang-migrate).

数据库迁移最佳实践，涵盖模式变更、数据迁移、回滚以及零停机部署，适用于PostgreSQL、MySQL及常用ORM（Prisma、Drizzle、Django、TypeORM、golang-migrate）。

Şema değişiklikleri, veri migration'ları, rollback'ler ve PostgreSQL, MySQL ve yaygın ORM'ler (Prisma, Drizzle, Django, TypeORM, golang-migrate) arasında sıfır kesinti deployment'ları için veritabanı migration en iyi uygulamaları.

Use this skill when designing backend systems, databases, APIs, or services. Triggers on schema design, database migrations, indexing strategies, distributed systems architecture, microservices, caching, message queues, observability setup, logging, metrics, tracing, SLO/SLI definition, performance optimization, query tuning, security hardening, authentication, authorization, API design (REST, GraphQL, gRPC), rate limiting, pagination, and failure handling patterns. Acts as a senior backend engineering advisor for mid-level engineers leveling up.

Database comparison catalogs, RDBMS vs NoSQL selection criteria, CAP/ACID/BASE theory, OLTP vs OLAP, and technology-specific characteristics

Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap.

Security auditing for code, configs, and infrastructure. Use when the user wants to audit or improve security: scan for vulnerabilities (SQL injection, XSS, command injection, path traversal), detect hardcoded secrets and credentials, review auth and authorization, check dependencies for known CVEs, audit config files for insecure defaults, or generate security reports. Trigger on "security audit", "vulnerability scan", "code review for security", "find secrets", "check for vulnerabilities", "OWASP", "CVE", or questions about code security.

Pre-merge SQL quality gate — lint 26 anti-patterns, grade readability/performance A-F, validate syntax, and scan for injection threats. Use before committing or reviewing SQL changes.

How to write tests, when to use each type of test, and how to run them. Contains information about conversion of `.test` to `.sqltest`, and how to write `.sqltest` and rust tests

SQL evaluation criteria for Databricks. Load when the trace contains execute_sql tool calls or SQL code in responses. Covers syntax validity, Unity Catalog patterns, and Databricks-specific SQL features.

Expert system for generating, validating, and optimizing ClickHouse SQL. Use this when the user needs data, queries, or analysis.

Implementation details for the Microsoft.Data.Sqlite ADO.NET provider. Use when changing files under `src/Microsoft.Data.Sqlite.Core/`.

Write correct, performant SQL across all major data warehouse dialects (Snowflake, BigQuery, Databricks, PostgreSQL, etc.). Use when writing queries, optimizing slow SQL, translating between dialects, or building complex analytical queries with CTEs, window functions, or aggregations.

Pre-deployment verification checklist. Use when about to ship a release, deploying a change with database migrations or feature flags, verifying CI status and approvals before going to production, or documenting rollback triggers ahead of time.

SQL 注入漏洞测试技能。覆盖联合注入、布尔盲注、时间盲注、报错注入、堆叠查询等攻击向量， 提供 MySQL/PostgreSQL/MSSQL/Oracle/SQLite 多数据库的特征 Payload， 包含 WAF 绕过策略和系统化测试流程，适用于 Web 应用 SQL 注入漏洞的发现与确认。

Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.

Identifies Oracle-to-PostgreSQL migration risks by cross-referencing code against known behavioral differences (empty strings, refcursors, type coercion, sorting, timestamps, concurrent transactions, etc.). Use when planning a database migration, reviewing migration artifacts, or validating that integration tests cover Oracle/PostgreSQL differences.

Use this skill when writing SQL queries — selects, joins, aggregations, window functions, or schema modifications. Apply whenever SQL is needed to ensure correctness, safety, and performance.

Expert SQL query generation for DBX Studio. Use when writing, optimizing, or debugging SQL queries against user database connections.

Expert SQL query generation for DBX Studio. Use when writing, optimizing, or debugging SQL queries against user database connections.

Write comprehensive backend tests including unit tests, integration tests, and API tests. Use when testing REST APIs, database operations, authentication flows, or business logic. Handles Jest, Pytest, Mocha, testing strategies, mocking, and test coverage.

Design and optimize database schemas for SQL and NoSQL databases. Use when creating new databases, designing tables, defining relationships, indexing strategies, or database migrations. Handles PostgreSQL, MySQL, MongoDB, normalization, and performance optimization.

Execute authoring T-SQL (DDL, DML, data ingestion, transactions, schema changes) against Microsoft Fabric Data Warehouse and SQL endpoints from agentic CLI environments. Use when the user wants to: (1) create/alter/drop tables from terminal, (2) insert/update/delete/merge data via CLI, (3) run COPY INTO or OPENROWSET ingestion, (4) manage transactions or stored procedures, (5) perform schema evolution, (6) use time travel or snapshots, (7) generate ETL/ELT shell scripts, (8) create views/functions/procedures on Lakehouse SQLEP. Triggers: "create table in warehouse", "insert data via T-SQL", "load from ADLS", "COPY INTO", "run ETL with T-SQL", "alter warehouse table", "upsert with T-SQL", "merge into warehouse", "create T-SQL procedure", "warehouse time travel", "recover deleted warehouse data", "create warehouse schema", "deploy warehouse", "transaction conflict", "snapshot isolation error".

Execute read-only T-SQL queries against Fabric Data Warehouse, Lakehouse SQL Endpoints, and Mirrored Databases via CLI. Default skill for any lakehouse data query (row counts, SELECT, filtering, aggregation) unless the user explicitly requests PySpark or Spark DataFrames. Use when the user wants to: (1) query warehouse/lakehouse data, (2) count rows or explore lakehouse tables, (3) discover schemas/columns, (4) generate T-SQL scripts, (5) monitor SQL performance, (6) export results to CSV/JSON. Triggers: "warehouse", "SQL query", "T-SQL", "query warehouse", "show warehouse tables", "show lakehouse tables", "query lakehouse", "lakehouse table", "how many rows", "count rows", "SQL endpoint", "describe warehouse schema", "generate T-SQL script", "warehouse performance", "export SQL data", "connect to warehouse", "lakehouse data", "explore lakehouse".