Skill v1.2.1

ClawScan security

Supabase DB · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 4:50 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill implements the advertised Supabase DB functionality, but packaging inconsistencies and the requirement to supply a Supabase service-role key (full DB/admin access) and external API keys raise proportionality and installation concerns.
Guidance
This skill appears to implement the Supabase functionality it claims, but proceed cautiously: 1) It requires a Supabase service-role key (SUPABASE_SERVICE_KEY) that can read/modify all data and bypasses RLS — only provide a service key if you trust the skill and consider using a least-privilege/project-scoped key instead. 2) Vector search requires an OpenAI API key; the script will send your query text to OpenAI and use the returned embedding. 3) The package metadata does not list these env vars or required tools (curl, jq); check you trust the source and inspect scripts before installing. 4) If you install, run the skill in an isolated environment or with rotated/limited keys first, and avoid giving permanent high-privilege credentials to untrusted skills.

Review Dimensions

Purpose & Capability
note: The name/description match the provided script and README: the skill performs SQL, CRUD, table management, and pgvector/OpenAI-based vector search. However, the registry metadata claims no required environment variables or binaries, while SKILL.md and the shipped script explicitly require SUPABASE_URL, SUPABASE_SERVICE_KEY (and OPENAI_API_KEY for vector search) and rely on curl/jq. This metadata mismatch is a packaging/information inconsistency.
Instruction Scope
ok: SKILL.md and the script confine actions to Supabase and OpenAI endpoints and to DB operations; they do not instruct reading arbitrary host files or harvesting unrelated environment variables. Vector-search flows call OpenAI to generate embeddings and call Supabase RPCs. The script will send the provided keys to those services (expected for the stated features).
Install Mechanism
ok: There is no external install/download: this is an instruction-only skill with a bundled shell script. No remote archives or obscure URLs are fetched during install. Risk is limited to running the included script, which will be written to disk if the user installs the skill.
Credentials
concern: The skill requires a Supabase service-role key (SUPABASE_SERVICE_KEY) which grants full database access and bypasses Row-Level Security — a high-privilege credential. That level of access is consistent with features like raw SQL and creating extensions but is sensitive and broad. The skill also uses OPENAI_API_KEY for embeddings. The registry metadata failing to declare these required env vars increases the chance users will unintentionally expose high-privilege credentials. Prefer least-privilege/project-scoped keys where possible.
Persistence & Privilege
concern: The skill does not force permanent inclusion (always:false) but allows autonomous invocation (platform default). Autonomous invocation combined with a supplied service-role key raises the blast radius: if the agent invokes this skill on its own, it could perform high-privilege DB operations without further prompts. This is expected for DB admin-style skills but is worth conscious risk consideration.