Alibabacloud Analyticdb Postgresql Supabase Ops

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Alibaba Cloud Supabase operations skill, but it needs review because it can retrieve project secrets and change cloud resources, and some of that risk is under-described.

Install only if you want an agent to manage Alibaba Cloud ADBPG Supabase resources. Use a least-privilege RAM profile, confirm every cost/downtime/network change, require explicit approval before retrieving API keys or dashboard credentials, avoid debug/config output in shared logs, and verify the Aliyun CLI/plugin installation source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence: 87%
Finding
The verification guide explicitly instructs retrieval of dashboard account information, including login URL and credentials. Even though the skill manages Supabase projects, documenting how to fetch credentials increases the chance the agent will surface or handle secrets unnecessarily, expanding exposure beyond ordinary lifecycle operations.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrase "Supabase" is extremely broad and can activate this skill during ordinary conversation about unrelated Supabase topics, causing an infrastructure-management skill to engage out of context. In a skill that can create projects, reset passwords, return API keys, and change network allowlists, overbroad activation materially increases the chance of unintended sensitive operations or disclosure.

Vague Triggers

Low
Confidence: 84%
Finding
The manifest gives a few example triggers but does not define precise activation boundaries, exclusions, or disambiguation behavior. That ambiguity is risky because this skill performs privileged cloud operations, so unclear scope can cause it to run in the wrong context and mishandle requests involving similarly named products or generic platform discussions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to set long-lived access keys directly on the command line and in environment variables without warning that these secrets can leak via shell history, CI logs, screenshots, copied scripts, or shared terminals. In an ops-focused skill that manages Supabase/ADBPG lifecycle actions, exposed keys could enable unauthorized cloud access and project administration.

Missing User Warnings

Medium
Confidence: 90%
Finding
Recommending `aliyun configure get` and debug logging without caution can cause credential material or sensitive configuration details to be displayed on screen or captured in logs. In agent-driven automation and troubleshooting contexts, such output is especially likely to be persisted in CI/CD logs, support bundles, or chat transcripts.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document labels API key retrieval and dashboard account access as low-risk/read-only operations, but these are sensitive credential-related actions that can expose secrets or privileged access if used broadly or logged insecurely. In the context of a management skill for Supabase projects, documenting these permissions without an explicit warning about secret handling, least-privilege use, redaction, and audit requirements increases the chance that operators grant or use them too casually.

Missing User Warnings

Medium
Confidence: 84%
Finding
The password reset verification procedure recommends testing the new password and confirming the old password fails, which requires active handling of live credentials and intentional failed authentication attempts. Without explicit safeguards, this can lead to credential disclosure in logs, unsafe storage, or disruptive authentication testing against production resources.

Missing User Warnings

High
Confidence: 95%
Finding
The document describes querying API keys and dashboard credentials and treats their presence as a verification success condition, but provides no warning or controls for handling these highly sensitive values. In an agent context, this materially increases the risk of accidental disclosure to chat output, logs, traces, or downstream tools, enabling full project compromise.

Ssd 3

Medium
Confidence: 91%
Finding
The skill explicitly permits retrieving project API keys and returning them to the user, which normalizes secret disclosure through the agent response channel. Even when sourced from an official API, reflecting secrets into chat increases exposure through logs, transcripts, screenshots, and accidental forwarding, especially because this skill may be triggered too broadly.

VirusTotal

64/64 vendors flagged this skill as clean.
