Interact with databases using CLI tools (mysql, psql, sqlcmd, sqlite3). Use this skill whenever the user wants to query, inspect, modify, or manage a database — whether they ask to "check the database", "run a query", "look up a record", "update a row", "show me the tables", "what's in the users table", or any variation involving SQL or database operations. Also trigger when the user mentions table names, column names, SQL keywords, or wants to debug data issues. Even casual references like "check if that record exists" or "how many rows in X" should trigger this skill. Supports MySQL, PostgreSQL, SQL Server, and SQLite.
Execute SQL queries against databases using the appropriate CLI tool. Read
credentials from the project's .claude/auth/database.json file and build
the correct command for the database engine.
Look for credentials at .claude/auth/database.json relative to the project
root. The file structure:
{
"DB_CONNECTION": "mysql|pgsql|sqlsrv|sqlite",
"DB_HOST": "hostname",
"DB_PORT": 3306,
"DB_DATABASE": "database_name",
"DB_USERNAME": "user",
"DB_PASSWORD": "password"
}
For SQLite, only DB_CONNECTION and DB_DATABASE (the file path) are needed.
If the credentials file doesn't exist, ask the user for connection details before proceeding.
| DB_CONNECTION | CLI Tool | Notes |
|---|---|---|
mysql |
mysql |
| Default port 3306 |
pgsql | psql | Default port 5432 |
sqlsrv | sqlcmd | Default port 1433 |
sqlite | sqlite3 | File-based, no host/port |
mysql -h "$HOST" -P "$PORT" -u "$USER" --password="$PASS" "$DB" << 'EOSQL'
SQL_QUERY;
EOSQL
Using a heredoc with single-quoted delimiter ('EOSQL') prevents shell
expansion inside the SQL. The --password="..." form with double quotes
handles special characters (#, !, *, ^) in passwords reliably.
For tabular output add -t. For vertical output add -E.
For batch/script output (no borders) omit -t.
PGPASSWORD="$PASS" psql -h "$HOST" -p "$PORT" -U "$USER" -d "$DB" -c "SQL_QUERY"
sqlcmd -S "$HOST,$PORT" -U "$USER" -P "$PASS" -d "$DB" -Q "SQL_QUERY"
sqlite3 "$DB_PATH" "SQL_QUERY"
Use .headers on and .mode column for readable output:
sqlite3 "$DB_PATH" -header -column "SQL_QUERY"
CRITICAL: Before executing any query that modifies data or schema, you MUST show the full SQL to the user and ask for explicit confirmation using the AskUserQuestion tool. Never run destructive queries silently.
Destructive operations include:
INSERT, UPDATE, DELETEDROP, ALTER, TRUNCATECREATE (tables, indexes, etc.)RENAMEREPLACEGRANT, REVOKERead-only operations that can run without confirmation:
SELECTSHOW (tables, databases, columns, indexes, status, etc.)DESCRIBE / DESC / EXPLAINUSESET (session variables for formatting)When asking for confirmation, present:
If you can, run a SELECT first to show the user what will be affected before asking for confirmation on the destructive query.
LIMIT to avoid overwhelming outputCOUNT(*) first when the user asks "how many" questionsSHOW TABLES or equivalentDESCRIBE table_name or equivalentDatabase passwords often contain special shell characters (#, *, !,
^, @, etc.). Use --password="..." with double quotes for MySQL.
Pass the SQL via heredoc to avoid shell expansion issues with -e:
mysql -h host -u user --password="pa$$w0rd#!" db << 'EOSQL'
SELECT 1;
EOSQL
Inside double quotes, escape $ as \$, backticks as \`, and " as
\". Most other special characters (#, *, !, ^, @) are safe as-is
inside double quotes. The single-quoted heredoc delimiter ('EOSQL') prevents
any expansion in the SQL body.
.claude/auth/database.json from the project rootDB_CONNECTION