ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Supabase Ops

v0.1.2

Manages Supabase migrations, types generation, RLS policies, and edge functions

0· 1.5k·4 current·4 all-time
byGuilherme Favaron@guifav
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (Supabase migrations, types, RLS, edge functions) matches the SKILL.md instructions: creating migration files, running `npx supabase` commands, generating types, scaffolding and deploying edge functions. However, the registry summary at the top of the report lists no required env vars or binaries while the embedded claw.json and SKILL.md both require `npx`, `git` and three env vars (NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY). That metadata mismatch is inconsistent and unexplained.
!
Instruction Scope
SKILL.md explicitly instructs the agent to read and modify repo files (supabase/migrations/, src/lib/supabase/types.ts), run commands that alter a database (`npx supabase db push`), regenerate types, and commit changes. Those actions are in-scope for a migration tool, but they give the skill permission to modify the user's repository and apply schema changes. The doc also claims credentials are accessed exclusively via the Supabase CLI and that it never reads .env files — that is an instruction, not an enforceable guarantee; the agent can still access environment or files if available. The plan/approval protocol is good, but the agent's ability to run destructive operations (with the provided keys) means the instruction scope is high-impact and needs careful user approval before production runs.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That minimizes install-time risk because nothing is being downloaded or written by an installer. Runtime commands (npx, git) are relied on to be present on the host.
!
Credentials
The skill requires three environment values: NEXT_PUBLIC_SUPABASE_URL (declared as primaryEnv), NEXT_PUBLIC_SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY. The service role key is highly privileged (can bypass RLS and perform admin operations) and grants full DB access; it is appropriate for admin/deploy tasks but must be treated as a secret and scoped carefully. Using both public anon keys and the service role key is plausible but increases risk if the service role key is provided to an automated agent. Additionally, setting the URL as primaryEnv is odd (URL is not a secret) while the most-sensitive credential is not set as primaryEnv — a minor inconsistency. Finally, the top-level registry metadata claims no required env vars whereas claw.json and SKILL.md do; that mismatch is a red flag for sloppy metadata or potential attempt to hide required secrets.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable. claw.json includes permissions for filesystem and network which are expected for a migration helper but broaden the blast radius when combined with the service role key and autonomous invocation (the skill can be invoked by the agent). The skill will write migration files, regenerate types, and run git commits — legitimate but powerful. Because autonomous invocation is allowed by default, providing high-privilege credentials increases risk; there's no built-in forced gating beyond the planning protocol.
What to consider before installing
This skill appears to do what it says (manage Supabase migrations and edge functions) but ask yourself the following before installing or giving it credentials: - Do NOT provide your SUPABASE_SERVICE_ROLE_KEY to any automated skill unless you trust it and you understand the consequences. That key bypasses RLS and can read/modify all data. - Prefer running the skill with only development-scoped credentials or on a throwaway environment first. For production, require manual approval and review the 'planning' output before letting the skill run any `db push` with a production DB URL. - Verify the source repository and owner (claw.json references a GitHub URL but the published metadata's 'Homepage' is missing). Inspect the upstream code and commit history yourself if possible. - Be aware the skill will modify your repository (create migration files, regenerate types, run git commit). Ensure you have backups or CI checks and review commits before pushing. - The package metadata is inconsistent (registry metadata shows no required env vars while the included files require them). Treat that as a sign to be cautious and ask the publisher for clarification. If you decide to proceed: provide least-privilege credentials, run the skill in a dev branch or staging project, require dry-runs and explicit confirmations for production, and review all generated migrations and commits before applying them to production.

Like a lobster shell, security has layers — review code before you run it.

latestvk977wqawhffkb4tzt0bmqxxntn83ftgw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments