Supabase ⚡
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: supabase-query
Version: 1.0.0

The skill is classified as suspicious because it requires a Supabase `service_role` key, which `SKILL.md` itself describes as granting "full admin access" to the database. The primary functions in `scripts/supabase.py` (`list_users`, `count_users`) are read-only GET requests, but `run_query` in the same file forwards arbitrary SQL to a user-defined RPC. Combined with the `service_role` key, that path can run any statement the RPC's role permits, including writes and deletes, and it can also reach unsafe behaviour if the user's own RPC is badly written or the feature is simply misused. The skill does not create or exploit such an RPC and carries a disclaimer, but the capability is present in the code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the skill only reads analytics, but a raw SQL path could perform high-impact database actions if invoked with a privileged key and an exec_sql RPC exists.
The script contains a helper that sends arbitrary SQL to a Supabase RPC endpoint using the configured key. The visible code does not restrict the SQL to read-only statements, so if this path is exposed it could modify or delete database data.
```python
def run_query(sql: str): ... requests.post(f"{url}/rest/v1/rpc/exec_sql", headers=headers, json={"query": sql}, timeout=30)
```

Remove or disable arbitrary SQL execution, or enforce read-only queries and explicit user confirmation before any SQL RPC call.
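The recommended mitigation, as an added example that is not the skill's own code: a hardened replacement for the helper quoted above that refuses any statement which is not a single read-only `SELECT`/`WITH`, and separately refuses to send at all without an explicit `confirm=True`. It assumes the same endpoint shape as the snippet (`POST {url}/rest/v1/rpc/exec_sql` with a `{"query": sql}` body); the `WriteRefused` exception, the keyword list and the injectable `post` callable are illustrative names chosen here.

```python
"""Read-only guard and confirmation gate for an exec_sql-style RPC helper.

Added example, not code from the skill. Assumes the endpoint shape quoted
above: POST {url}/rest/v1/rpc/exec_sql with a {"query": sql} JSON body.
"""
import re
from typing import Any, Callable, Optional

# Keywords that change data, schema or session state. They are rejected anywhere
# in the statement, not just at the start, because Postgres permits
# data-modifying CTEs such as  WITH gone AS (DELETE ... RETURNING *) SELECT ...
WRITE_KEYWORDS = {
    "insert", "update", "delete", "merge", "truncate", "drop", "alter", "create",
    "grant", "revoke", "copy", "vacuum", "do", "call", "set", "lock", "refresh",
    "reindex", "cluster", "comment", "into",
}

# Blank out string literals and comments before keyword inspection, so that
# 'delete' inside a literal is not a false positive and a keyword hidden in a
# comment cannot be used to confuse the check.
_LITERAL_OR_COMMENT = re.compile(
    r"'(?:[^']|'')*'"      # single-quoted literal, '' escapes
    r"|\$\$.*?\$\$"        # untagged dollar-quoted body
    r"|--[^\n]*"           # line comment
    r"|/\*.*?\*/",         # block comment
    re.S,
)


def is_read_only_sql(sql: str) -> bool:
    """True only for a single SELECT/WITH statement containing no write keyword.

    This is a conservative client-side filter: an identifier that collides with
    a keyword (a column named `set`) is rejected rather than risk a miss. It is
    not a security boundary on its own, since SELECT can call a function that
    writes; the RPC should additionally run in a READ ONLY transaction.
    """
    body = _LITERAL_OR_COMMENT.sub(" ", sql).strip().rstrip(";")
    if not body or ";" in body or "$" in body:
        return False  # empty, multi-statement, or leftover dollar quoting
    tokens = re.findall(r"[A-Za-z_]\w*", body.lower())
    if not tokens or tokens[0] not in ("select", "with"):
        return False
    return not any(tok in WRITE_KEYWORDS for tok in tokens)


class WriteRefused(Exception):
    """Raised when a statement fails the guard or confirmation is missing."""


def run_query(
    url: str,
    key: str,
    sql: str,
    *,
    confirm: bool = False,
    post: Optional[Callable[..., Any]] = None,  # injectable sender (assumption, for tests)
) -> Any:
    """Hardened form of the helper quoted above.

    Refuses anything that is not read-only and, separately, refuses to send at
    all unless the caller passes confirm=True, so an automated invocation cannot
    reach the RPC without a deliberate opt-in.
    """
    if not is_read_only_sql(sql):
        raise WriteRefused(f"refusing non-read-only SQL: {sql[:60]!r}")
    if not confirm:
        raise WriteRefused("explicit confirm=True is required before any SQL RPC call")
    if post is None:
        import requests  # only needed for a real network call
        post = requests.post
    headers = {
        "apikey": key,
        "Authorization": f"Bearer {key}",
        "Content-Type": "application/json",
    }
    return post(f"{url}/rest/v1/rpc/exec_sql", headers=headers,
                json={"query": sql}, timeout=30)
```

The keyword filter is deliberately strict (it rejects `SELECT ... INTO`, data-modifying CTEs and multi-statement strings) but it cannot stop a `SELECT` that calls a write-capable function, so the server-side RPC should also open a `READ ONLY` transaction or run as a read-only role; the client guard then only reduces accidental misuse.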
The documentation could cause a user to grant a full-admin key under the impression that the skill has only read-only behavior.
The safety claims quoted from `SKILL.md` below are not aligned with the included script, which defines a POST-based exec_sql helper capable of submitting arbitrary SQL.
**What this skill does:**
- Makes GET requests to your Supabase project's Auth Admin API ...

**What this skill does NOT do:**
- Does not write, modify, or delete any data
Update the documentation to accurately disclose every write-capable or SQL-execution path, or remove those paths from the code.
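The kind of artifact-based check that surfaces this mismatch, as an added example that is neither ClawScan's nor the skill's code: walk a skill script's AST, flag every `requests.post`/`put`/`patch`/`delete` call with its enclosing function and any literal URL fragment, and compare the result against a "does not write" claim in `SKILL.md`. The `SCRIPT` and `SKILL_MD` strings are constructed here to mirror the helper shapes and the documentation quote on this page; their bodies are invented for illustration, and the scanner only recognises the plain `requests.<verb>(...)` form (aliased imports and `Session` objects are out of scope).

```python
"""Static scan for write-capable HTTP paths in a skill script.

Added example, not ClawScan's or the skill's code. SCRIPT and SKILL_MD are
constructed inputs modelled on the snippets quoted on this page.
"""
import ast
from dataclasses import dataclass

WRITE_METHODS = {"post", "put", "patch", "delete"}


@dataclass(frozen=True)
class WritePath:
    function: str   # enclosing def, or "<module>"
    method: str     # HTTP verb used
    line: int
    url_hint: str   # literal fragments of the URL argument, if any


def _url_hint(node: ast.AST) -> str:
    """Recover literal parts of a URL argument from a plain str or an f-string."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.JoinedStr):
        return "".join(v.value for v in node.values
                       if isinstance(v, ast.Constant) and isinstance(v.value, str))
    return ""


def find_write_paths(source: str) -> list[WritePath]:
    """Return every requests.<write verb>(...) call with its enclosing function."""
    tree = ast.parse(source)
    found: list[WritePath] = []

    def visit(node: ast.AST, enclosing: str) -> None:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            enclosing = node.name
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "requests"
                and node.func.attr in WRITE_METHODS):
            url = _url_hint(node.args[0]) if node.args else ""
            found.append(WritePath(enclosing, node.func.attr, node.lineno, url))
        for child in ast.iter_child_nodes(node):
            visit(child, enclosing)

    visit(tree, "<module>")
    return found


def doc_matches_code(skill_md: str, source: str) -> bool:
    """False when SKILL.md claims no writes but the script has a write-capable path."""
    claims_read_only = "does not write" in skill_md.lower()
    return not (claims_read_only and find_write_paths(source))


# Constructed sample script: one read-only helper and one exec_sql-style helper,
# shaped like the functions named on this page (bodies are illustrative).
SCRIPT = '''
import requests

def list_users(url, headers):
    return requests.get(f"{url}/auth/v1/admin/users", headers=headers, timeout=30)

def run_query(url, headers, sql):
    return requests.post(f"{url}/rest/v1/rpc/exec_sql", headers=headers,
                         json={"query": sql}, timeout=30)
'''

# Constructed excerpt matching the documentation claim quoted above.
SKILL_MD = "**What this skill does NOT do:** - Does not write, modify, or delete any data"

if __name__ == "__main__":
    for p in find_write_paths(SCRIPT):
        print(f"{p.function}: requests.{p.method} at line {p.line} -> {p.url_hint}")
    print("documentation consistent with code:", doc_matches_code(SKILL_MD, SCRIPT))
```

Run against the constructed script, the scanner reports a single write-capable path, `run_query` posting to `/rest/v1/rpc/exec_sql`, and the documentation check fails; the same `list_users`-only script passes, which is the state the recommendation above asks the author to reach either by fixing the docs or by removing the path.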
Anyone or anything holding this key has full administrative access to the Supabase project, and the skill uses it to read user details such as names and emails.
The skill clearly discloses that it needs a Supabase service_role key, which is a highly privileged credential, to list and count users.
The `service_role` key has **full admin access** to your database. This skill requires it for the Auth Admin API (listing/counting users).
Use the least-privileged credential the task allows. A read-only database role cannot stand in for the `service_role` key on the Auth Admin API (listing and counting users require it), so the realistic reduction is to keep the skill limited to those GET calls and remove any path that turns the key into arbitrary SQL. Keep the key out of shared logs or chats, and rotate it if it may have been exposed.
Scheduled reports may repeatedly surface user names and emails after setup, which can be useful but should be intentionally managed.
The documentation describes a user-directed recurring job that can continue querying and reporting Supabase user information on a schedule.
Set up automated daily user reports via Clawdbot cron.
Only create cron reports when needed, limit reported fields, and periodically review or remove scheduled jobs.
