Supabase Tool
Advisory
Audited by VirusTotal on Apr 17, 2026.
Overview
Type: OpenClaw Skill
Name: supabase-tool
Version: 1.1.0

The skill is a Supabase command generator, but `scripts/script.sh` contains a shell injection vulnerability. The functions `cmd_query`, `cmd_select`, `cmd_count`, and `cmd_insert` use unquoted heredocs (`cat << EOF`) to interpolate user-provided arguments into the generated commands with no quoting or escaping. Generating the text does not itself execute anything, but the raw argument is placed inside a single-quoted JSON body in the emitted command, so input containing a quote or a shell substitution (e.g., `'$(command)'`) is parsed as shell code when that command is run; the result is arbitrary command execution on whichever host executes the generated snippet. While the tool's logic appears intended for legitimate database management and shows no evidence of intentional malice or data exfiltration, the insecure handling of shell input makes it high-risk for exploitation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you copy and run the generated commands, they can query or modify your Supabase database. Because the user-supplied values are embedded without escaping, a single quote or a `$(...)` substitution in untrusted input can also change what the generated shell command does when it is executed.

The helper generates runnable curl commands from user-supplied SQL, and the other commands generate inserts and selects in the same way. This is core to the skill, but generated shell snippets should be reviewed before execution.

    cmd_query() {
      local sql="${1:-SELECT version()}"
      ...
      -d '{"query": "$sql"}'
    }

Review generated commands before running them, avoid untrusted SQL, table, or filter input, and test database-changing commands in a safe environment first.
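As an added example (written for this advisory, not code from the supabase-tool skill), the generator pattern the finding describes is shown beside a hardened form, and both outputs are executed against a fake `curl` so nothing reaches the network. The endpoint URL, the function names, and the hostile SQL string are constructed for illustration; only the `cat << EOF` pattern and the `-d '{"query": "$sql"}'` shape come from the advisory.

```sh
#!/bin/sh
# Added example, not the skill's code. Endpoint URL and function names are
# illustrative; only the cat << EOF pattern is taken from the advisory.

# Vulnerable generator, in the style the advisory describes. The unquoted
# heredoc expands $sql exactly once, so generating the text runs nothing. The
# defect is that the value lands verbatim inside a single-quoted JSON literal:
# a single quote in the input closes that literal in the GENERATED command, and
# whatever follows is parsed as shell when someone executes it.
gen_vulnerable() {
  local sql="${1:-SELECT version()}"
  cat << EOF
curl -s -X POST "https://api.example.invalid/rpc/exec_sql" -H "Content-Type: application/json" -d '{"query": "$sql"}'
EOF
}

# Minimal JSON string escaping (backslash and double quote; single-line input
# assumed). A real tool should build the body with jq --arg or a JSON library.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# POSIX shell quoting: wrap in single quotes and rewrite each embedded single
# quote as '\'' so the result is always exactly one shell word, whatever it holds.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Hardened generator: encode the body as JSON first, then shell-quote every
# argument of the emitted command.
gen_hardened() {
  local sql="${1:-SELECT version()}"
  local body="{\"query\": \"$(json_escape "$sql")\"}"
  printf 'curl -s -X POST %s -H %s -d %s\n' \
    "$(shell_quote "https://api.example.invalid/rpc/exec_sql")" \
    "$(shell_quote "Content-Type: application/json")" \
    "$(shell_quote "$body")"
}

# Fake curl: shadows the real binary inside this shell, touches no network, and
# prints only the -d value so we can see what the shell delivered after parsing.
curl() {
  while [ $# -gt 0 ]; do
    if [ "$1" = "-d" ]; then printf '%s' "$2"; return 0; fi
    shift
  done
  return 1
}

# Execute a generated command in the current shell (so the fake curl is used)
# and return the request body that actually resulted.
run_generated() { eval "$1"; }

# Constructed hostile input: the single quotes break out of the vulnerable
# output's JSON literal and leave the $(...) unquoted.
HOSTILE_SQL="SELECT 1 -- '\$(echo INJECTED)'"

vulnerable_body() { run_generated "$(gen_vulnerable "$HOSTILE_SQL")"; }
hardened_body()   { run_generated "$(gen_hardened "$HOSTILE_SQL")"; }
hardened_default_body() { run_generated "$(gen_hardened)"; }

# Vulnerable: the substitution ran and INJECTED replaced the $(...) text.
# Hardened: the body is the input, byte for byte, and nothing executed.
printf 'vulnerable: %s\n' "$(vulnerable_body)"
printf 'hardened:   %s\n' "$(hardened_body)"
```

The fake `curl` is what makes this safe to run: the generated command is evaluated in the same shell, so the function shadows the real binary and the only observable effect is the request body it would have sent. Swapping `echo INJECTED` for any other command shows why the vulnerable form is an execution primitive rather than a quoting nuisance.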
Anyone who sees or obtains real tokens inserted into these commands may be able to access or manage your Supabase project within that token’s permissions.
Generated commands require Supabase access tokens or anon keys. This is expected for Supabase API use and the script uses placeholders rather than storing credentials.
    -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Use least-privilege Supabase credentials where possible, keep tokens out of shared chats/logs, and rotate tokens if accidentally exposed.
