Supabase
Connect to Supabase for database operations, vector search, and storage. Use for storing data, running SQL queries, similarity search with pgvector, and managing tables. Triggers on requests involving databases, vector stores, embeddings, or Supabase specifically.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 16 · 5.8k · 55 current installs · 56 all-time installs
byLucas Synnott@lucassynnott
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description match the implementation: the script performs SQL, table management, REST operations, and pgvector similarity search against a Supabase project. Requiring a SUPABASE_SERVICE_KEY (full access service role) is coherent for management tasks. However the skill does not declare the OpenAI API key that the script requires for embeddings, and it does not declare command-line dependencies used by the script (curl, jq). The primary credential field is empty even though SUPABASE_SERVICE_KEY is effectively the main secret.
Instruction Scope
SKILL.md and the bundled script instruct the agent to run arbitrary SQL (via an exec_sql RPC if present) and to send text to the OpenAI embeddings API for vector search. That means user data and DB contents can be transmitted to external endpoints (api.openai.com) and arbitrary SQL could be executed if the exec_sql function exists. The instructions expect OPENAI_API_KEY (used in the script) but this env var is not listed in the declared requirements. The script also assumes presence of jq and curl but the skill metadata doesn't declare these binaries.
Install Mechanism
No install spec — instruction-only plus a shell script shipped in the skill. No external downloads or archive extraction are performed by the skill. This keeps disk-write/install risk low. The script will run network calls, but there is no installer fetching arbitrary code from outside.
Credentials
The skill requires SUPABASE_SERVICE_KEY (a full-access service role key) which is powerful but relevant for management operations; however this should be called out as high-privilege. The script also requires OPENAI_API_KEY for embeddings (and will send content to OpenAI), but OPENAI_API_KEY is not listed in requires.env. Several required runtime dependencies (jq, curl) are implicit. No primary credential is declared even though SUPABASE_SERVICE_KEY is the main secret. Requesting a full service key without explicit least-privilege guidance is disproportionate if users expect only read/search operations.
Persistence & Privilege
The skill is not marked always:true and does not request persistent elevation or modification of other skills. It will run only when invoked and does not attempt to modify system-wide agent settings according to the provided files.
What to consider before installing
This skill appears to implement a legitimate Supabase CLI, but there are a few risks and omissions you should consider before installing:
- SUPABASE_SERVICE_KEY is a service-role key (full DB access). Only provide this to code you fully trust; prefer a least-privilege key or a scoped service role if possible. Do not use a production master/service key in an environment you don't control.
- The bundled script performs arbitrary SQL and can call a custom exec_sql RPC — this enables full read/write/execution against your DB. Review the script and avoid running it with dangerous SQL until you understand it.
- The script uses the OpenAI embeddings API for vector search (sends queries/possibly content to api.openai.com). The script requires OPENAI_API_KEY at runtime, but the skill metadata does not declare this — expect to need to set that env var if you use vector-search. Consider whether you want query text or DB content sent to OpenAI.
- The script depends on curl and jq (not declared). Ensure those binaries are available and review the script locally before running.
Recommendations:
1) Review the full scripts/supabase.sh file locally line-by-line and run it in a sandboxed environment first. 2) Create and use minimal-privilege keys (read-only or scoped service role) where possible. 3) If using vector search, decide whether sending data to OpenAI is acceptable for your data classification; consider hosting your own embedding/model if needed. 4) Ask the publisher to update the skill metadata to declare OPENAI_API_KEY and required binaries, and to mark SUPABASE_SERVICE_KEY as the primary credential so the privilege is explicit.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvSUPABASE_URL, SUPABASE_SERVICE_KEY
SKILL.md
Supabase CLI
Interact with Supabase projects: queries, CRUD, vector search, and table management.
Setup
# Required
export SUPABASE_URL="https://yourproject.supabase.co"
export SUPABASE_SERVICE_KEY="eyJhbGciOiJIUzI1NiIs..."
# Optional: for management API
export SUPABASE_ACCESS_TOKEN="sbp_xxxxx"
Quick Commands
# SQL query
{baseDir}/scripts/supabase.sh query "SELECT * FROM users LIMIT 5"
# Insert data
{baseDir}/scripts/supabase.sh insert users '{"name": "John", "email": "john@example.com"}'
# Select with filters
{baseDir}/scripts/supabase.sh select users --eq "status:active" --limit 10
# Update
{baseDir}/scripts/supabase.sh update users '{"status": "inactive"}' --eq "id:123"
# Delete
{baseDir}/scripts/supabase.sh delete users --eq "id:123"
# Vector similarity search
{baseDir}/scripts/supabase.sh vector-search documents "search query" --match-fn match_documents --limit 5
# List tables
{baseDir}/scripts/supabase.sh tables
# Describe table
{baseDir}/scripts/supabase.sh describe users
Commands Reference
query - Run raw SQL
{baseDir}/scripts/supabase.sh query "<SQL>"
# Examples
{baseDir}/scripts/supabase.sh query "SELECT COUNT(*) FROM users"
{baseDir}/scripts/supabase.sh query "CREATE TABLE items (id serial primary key, name text)"
{baseDir}/scripts/supabase.sh query "SELECT * FROM users WHERE created_at > '2024-01-01'"
select - Query table with filters
{baseDir}/scripts/supabase.sh select <table> [options]
Options:
--columns <cols> Comma-separated columns (default: *)
--eq <col:val> Equal filter (can use multiple)
--neq <col:val> Not equal filter
--gt <col:val> Greater than
--lt <col:val> Less than
--like <col:val> Pattern match (use % for wildcard)
--limit <n> Limit results
--offset <n> Offset results
--order <col> Order by column
--desc Descending order
# Examples
{baseDir}/scripts/supabase.sh select users --eq "status:active" --limit 10
{baseDir}/scripts/supabase.sh select posts --columns "id,title,created_at" --order created_at --desc
{baseDir}/scripts/supabase.sh select products --gt "price:100" --lt "price:500"
insert - Insert row(s)
{baseDir}/scripts/supabase.sh insert <table> '<json>'
# Single row
{baseDir}/scripts/supabase.sh insert users '{"name": "Alice", "email": "alice@test.com"}'
# Multiple rows
{baseDir}/scripts/supabase.sh insert users '[{"name": "Bob"}, {"name": "Carol"}]'
update - Update rows
{baseDir}/scripts/supabase.sh update <table> '<json>' --eq <col:val>
# Example
{baseDir}/scripts/supabase.sh update users '{"status": "inactive"}' --eq "id:123"
{baseDir}/scripts/supabase.sh update posts '{"published": true}' --eq "author_id:5"
upsert - Insert or update
{baseDir}/scripts/supabase.sh upsert <table> '<json>'
# Example (requires unique constraint)
{baseDir}/scripts/supabase.sh upsert users '{"id": 1, "name": "Updated Name"}'
delete - Delete rows
{baseDir}/scripts/supabase.sh delete <table> --eq <col:val>
# Example
{baseDir}/scripts/supabase.sh delete sessions --lt "expires_at:2024-01-01"
vector-search - Similarity search with pgvector
{baseDir}/scripts/supabase.sh vector-search <table> "<query>" [options]
Options:
--match-fn <name> RPC function name (default: match_<table>)
--limit <n> Number of results (default: 5)
--threshold <n> Similarity threshold 0-1 (default: 0.5)
--embedding-model <m> Model for query embedding (default: uses OpenAI)
# Example
{baseDir}/scripts/supabase.sh vector-search documents "How to set up authentication" --limit 10
# Requires a match function like:
# CREATE FUNCTION match_documents(query_embedding vector(1536), match_threshold float, match_count int)
tables - List all tables
{baseDir}/scripts/supabase.sh tables
describe - Show table schema
{baseDir}/scripts/supabase.sh describe <table>
rpc - Call stored procedure
{baseDir}/scripts/supabase.sh rpc <function_name> '<json_params>'
# Example
{baseDir}/scripts/supabase.sh rpc get_user_stats '{"user_id": 123}'
Vector Search Setup
1. Enable pgvector extension
CREATE EXTENSION IF NOT EXISTS vector;
2. Create table with embedding column
CREATE TABLE documents (
id bigserial PRIMARY KEY,
content text,
metadata jsonb,
embedding vector(1536)
);
3. Create similarity search function
CREATE OR REPLACE FUNCTION match_documents(
query_embedding vector(1536),
match_threshold float DEFAULT 0.5,
match_count int DEFAULT 5
)
RETURNS TABLE (
id bigint,
content text,
metadata jsonb,
similarity float
)
LANGUAGE plpgsql
AS $$
BEGIN
RETURN QUERY
SELECT
documents.id,
documents.content,
documents.metadata,
1 - (documents.embedding <=> query_embedding) AS similarity
FROM documents
WHERE 1 - (documents.embedding <=> query_embedding) > match_threshold
ORDER BY documents.embedding <=> query_embedding
LIMIT match_count;
END;
$$;
4. Create index for performance
CREATE INDEX ON documents
USING ivfflat (embedding vector_cosine_ops)
WITH (lists = 100);
Environment Variables
| Variable | Required | Description |
|---|---|---|
| SUPABASE_URL | Yes | Project URL (https://xxx.supabase.co) |
| SUPABASE_SERVICE_KEY | Yes | Service role key (full access) |
| SUPABASE_ANON_KEY | No | Anon key (restricted access) |
| SUPABASE_ACCESS_TOKEN | No | Management API token |
| OPENAI_API_KEY | No | For generating embeddings |
Notes
- Service role key bypasses RLS (Row Level Security)
- Use anon key for client-side/restricted access
- Vector search requires pgvector extension
- Embeddings default to OpenAI text-embedding-ada-002 (1536 dimensions)
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…