Supabase

Security checks across malware telemetry and agentic risk

Overview

This Supabase skill is coherent and not malicious, but it can retrieve and create project API keys with limited user-facing guardrails.

Install only if you trust OOMOL with a connected Supabase account and you intend to let the agent manage Supabase project API keys. Before using API-key actions, confirm the exact project, key type, and need; avoid printing or storing returned keys in transcripts or logs; and inspect or verify the oo CLI installer instead of blindly running the pipe-to-shell setup command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

High
Confidence: 89%
Finding
The skill exposes creation of Supabase project API keys, which is a sensitive administrative capability that can grant durable access outside the skill's runtime. In context, this is more dangerous because the manifest frames the skill as general data access, so a caller may invoke it without appreciating that it can mint new credentials with broader or persistent impact.

Vague Triggers

Medium
Confidence: 82%
Finding
An activation trigger covering 'ANY Supabase request' is overly broad and can cause the agent to select this skill in situations beyond its safe or intended scope. That increases the chance of invoking sensitive administrative actions, especially since the skill includes API key operations rather than only ordinary data access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly exposes an action for retrieving a project's API key and frames it as a normal read operation, but provides no warning that the returned material is sensitive credential data that must not be broadly disclosed, logged, or echoed back to untrusted users. In an agent setting, this increases the chance of accidental secret exfiltration through over-broad task fulfillment, prompt injection, transcript leakage, or unsafe downstream handling.

External Script Fetching

High
Category: Supply Chain
Content
- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

Confidence: 97%
Finding
curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.
