Back to skill

Security audit

database

Security checks across malware telemetry and agentic risk

Overview

This Supabase database skill is coherent, but it needs review because it uses full-access database credentials, can change or delete data, and sends vector-search text to an external embedding service without a clear runtime warning.

Install only if you trust the publisher and intend to let the agent administer a Supabase project. Prefer non-production or least-privilege credentials where possible, confirm every write, delete, raw SQL, or RPC action before running it, and do not use vector-search with secrets, personal data, customer data, or proprietary text unless you are comfortable sending that query to the external embedding endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The vector-search feature sends user-supplied query text to an external HeyBoss API to generate embeddings, which introduces third-party data exfiltration outside the expected Supabase boundary. Because the script otherwise presents itself as a Supabase database utility and provides no explicit consent or warning at execution time, users may unknowingly transmit sensitive search terms, prompts, or internal data to an external service.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger description is very broad, activating on generic database, vector store, embeddings, or Supabase-related requests. This can cause the skill to be invoked in situations the user did not explicitly intend, increasing the chance of sensitive database actions being suggested or executed with high-privilege credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents raw SQL, update, and delete capabilities without prominent safety warnings, confirmation requirements, or guidance on least-privilege usage. In context, this is more dangerous because the setup explicitly recommends using a Supabase service role key, which bypasses Row Level Security and gives full access, so accidental or induced destructive actions could cause major data loss or unauthorized changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits raw query text to an external API without prominent user-facing warning or confirmation, creating a privacy and data-governance risk. In an agent skill context, search text may contain secrets, customer data, internal identifiers, or proprietary content, making silent transmission more dangerous than in a normal standalone CLI.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.