Back to skill
Skillv1.2.1
VirusTotal security
Supabase DB · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:22 AM
- Hash
- f31e41717b6c9c32927ca39413a48d08053cb2d57dbc27f0801544a4e62353b8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: supabase-db Version: 1.2.1 The skill provides high-risk database capabilities, including raw SQL execution via the `query` command and the use of the Supabase Service Role Key, which explicitly bypasses Row Level Security (RLS). While these features are aligned with the stated purpose of a database management tool, they represent significant security risks in an AI agent context. The implementation in `scripts/supabase.sh` and instructions in `SKILL.md` appear functional and lack clear evidence of intentional malice, though the future-dated metadata and migration notices (March 2026) in `_meta.json` and `SKILL.md` are unusual.
- External report
- View on VirusTotal