ClawHub

Supabase DB

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Supabase database tool, but it gives an agent broad database write/delete and raw SQL authority with highly privileged credentials and limited safety controls.

Install only if you intend to let an agent administer your Supabase database. Use a staging project or narrowly scoped credential where possible, keep backups, require human review before SQL/update/delete/RPC actions, protect the Supabase key from logs and untrusted prompts, and avoid vector search for confidential query text unless sending it to OpenAI is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly instructs users to supply a Supabase service-role key and notes that it bypasses RLS, but it does not pair that guidance with clear warnings about the key's administrative scope, safe storage, or the risk of unrestricted data access and modification. In an agent skill context, exposing raw query, CRUD, and RPC functionality behind a highly privileged credential materially increases the chance of accidental or prompt-induced destructive operations across the entire database.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises raw SQL, insert, update, upsert, delete, and table management capabilities without warning that these actions can irreversibly alter or destroy data. In a conversational agent setting, where commands may be generated from natural-language requests, the lack of cautionary guidance makes accidental destructive use more likely, especially when combined with privileged Supabase credentials.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly documents destructive operations such as update, delete, and schema-affecting commands without prominent safety guidance, confirmation requirements, or warnings about irreversible data loss. In a database skill that is likely used by agents, this increases the chance of accidental or unsafe execution against production systems, especially because the documented credentials include highly privileged service-role access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill exposes a raw SQL query interface and includes examples for CREATE TABLE and unrestricted SELECT without emphasizing that arbitrary SQL may modify schema, destroy data, or bypass normal application safeguards. This is more dangerous in context because the documented environment uses a Supabase service key, which bypasses RLS and can perform privileged operations across the database.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The vector-search command transmits user-supplied query text to OpenAI to generate embeddings, but the script gives no warning, consent prompt, or privacy notice before sending potentially sensitive content to a third party. In a database utility context, users may reasonably assume queries stay within Supabase, so this can cause unintended data disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal