Supabase Ops

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Supabase administration helper, but it should only be used where database and deployment changes are intended.

Install this only for projects where you want an agent to manage Supabase schema, migrations, RLS policies, generated types, and edge functions. Use development credentials by default, protect and rotate the service-role key if exposed, verify the Supabase project target before running commands, and manually approve production migrations or deployments after reviewing the dry-run output.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The skill claims credentials are accessed exclusively through the Supabase CLI and that it never reads environment or credential files directly, but the included edge function template explicitly reads secrets via Deno.env.get, including the service role key. This inconsistency can mislead users and reviewers about how sensitive credentials are handled, increasing the risk that high-privilege secrets are used in unsafe contexts or copied into inappropriate code paths.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal