database

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's code and SKILL.md require high-privilege Supabase credentials and an external embedding API key, but the registry metadata does not declare these requirements and the runtime sends query text to a third-party embedding service — the pieces are inconsistent and deserve caution.

This skill will ask you to provide SUPABASE_URL and SUPABASE_SERVICE_KEY (a service-role key with broad access) and a SKILLBOSS_API_KEY used to call https://api.heybossai.com for embeddings. The registry metadata did NOT declare these required environment variables; that mismatch is a red flag. Before installing:

1. Only provide a service key if you fully trust the author and understand the blast radius; prefer a role with minimal privileges, or use Row Level Security or limited API keys where possible.
2. Verify and trust the external embedding endpoint (api.heybossai.com): the script sends query text there, which could expose sensitive DB content.
3. Ask the publisher to update the registry metadata to list the required env vars and to explain why a service key is necessary.
4. Review the full script locally and run it in a sandbox or with read-only credentials first.
5. If you proceed, plan to rotate any keys used.

If you cannot verify the author or do not want DB contents sent to an external embedding service, do not install.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings for this skill version.


Risk analysis

No visible risk-analysis findings were reported for this release.