XvX Systems
English EN Deutsch DE

XvX Skill

MySQL gateway for controlled data access

A local access layer for MySQL and MariaDB. The skill validates SQL, enforces profile permissions, runs parameterized queries and returns JSON-compatible results.

MySQL/MariaDB Read-only profiles JSON Output
XvX Systems logo

Capabilities

Built as a safe bridge between skills and databases.

Profile-based permissions

Read-only profiles allow only SELECT, SHOW, DESCRIBE and EXPLAIN. Write profiles must be enabled explicitly.

SQL validation

Multi-statement SQL, administrative commands and destructive schema operations are blocked before a connection is used.

Parameterized queries

The executor expects parameters for placeholders and prevents other skills from interpolating raw user input into SQL.

Auditable logging

Every attempt is logged with profile, query hash, runtime, row count and result status, without logging secrets or large raw values.

Quickstart

CLI and Python calls for controlled queries.

Other skills should use this gateway instead of opening their own database connections. Output stays JSON-compatible and includes status, profile, query hash, runtime and rows.

python3 skills/mysql/agent.py --profile readonly --query "SELECT 1" python3 skills/mysql/agent.py --profile readonly --query "SELECT * FROM customers WHERE id = %s" --params "[1]" python3 skills/mysql/agent.py --refresh-schema --profile readonly from query_executor import execute

Configuration

Credentials stay central and outside the skill folder.

The skill reads profiles from the central XvX configuration. Real credentials do not belong in the skill folder or brain notes; templates and examples use placeholders.

Config
settings/config.json or settings/mysql.credentials.json
Output
JSON with ok, profile, query_hash, row_count and rows
Schema Cache
skills/mysql/schema_cache.json with tables, columns, primary keys and simple indexes
Dependencies
Python, PyMySQL and documented SQLAlchemy compatibility for later integrations

Security

Database access is a high-risk surface.

DROP, TRUNCATE, ALTER, CREATE USER, GRANT, REVOKE, LOAD DATA, OUTFILE, KILL and similar administrative or destructive operations are blocked. Production access, irreversible migrations and mass changes always require explicit human approval.