Back to skill

Security audit

Aliyun Rds Supabase

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Alibaba Cloud RDS Supabase administration skill with powerful but purpose-aligned cloud-management capabilities.

Install only if you intend to let the agent help administer Alibaba Cloud RDS Supabase resources. Use a least-privilege RAM user or role, verify the exact region and instance ID before any mutating action, and treat delete, stop, restart, password reset, IP whitelist, SSL, and auth changes as operations requiring explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Low
Confidence
96% confidence
Finding
The skill gives conflicting output directory instructions: one section says to write results to `output/database-rds-supabase/`, while the validation and evidence sections use `output/aliyun-rds-supabase/`. In an agent workflow, inconsistent artifact paths can cause evidence to be written to the wrong location, validation to miss outputs, or downstream automation to consume incomplete or stale files.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.