Next-Supabase-Vercel Bundle
v1.0.0
REAL ORCHESTRATOR for the complete Full-Stack development cycle. Connects to Supabase, generates executable SQL migrations, and guides you step by step. Integration with...
⭐ 0 · 599 · 1 current · 1 all-time
by Bastian Berrios Alarcon @studio-hakke
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Next + Supabase + Vercel orchestration) aligns with the included CLI commands and code. Required binaries (node, npm, npx, vercel) are reasonable. Minor inconsistency: SKILL.md sometimes mentions SUPABASE_SERVICE_KEY as required for db:setup, while the db setup implementation actually looks for NEXT_PUBLIC_SUPABASE_ANON_KEY; init writes both placeholders. This looks like sloppy docs rather than misdirection.
Instruction Scope
Runtime instructions and code operate on project files (create Next app, write .env.local, create pages, produce SQL migrations), run local commands (npx create-next-app, npm install, npm run build/dev), test Supabase via @supabase/supabase-js, and call vercel via CLI. All of this is within the expected scope. Note: db:setup and other commands read .env.local from the project directory (which may contain sensitive keys) and the deploy flow runs vercel link/deploy, which interacts with your Vercel account.
Install Mechanism
No install spec provided (instruction-only skill plus code files). The CLI itself does not auto-download remote archives from untrusted URLs; it uses standard npx/npm operations when creating projects and installing dependencies. This is the expected, lower-risk pattern for a scaffolding CLI.
Credentials
The skill declares no required environment variables, yet the code reads and writes .env.local and expects NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY (and optionally SUPABASE_SERVICE_KEY for server operations). Requesting Supabase keys is proportional to the purpose, but: (1) the SKILL.md / sample outputs and code show inconsistent variable names, and (2) the repository/template creates a .env.local containing a placeholder SUPABASE_SERVICE_KEY (a sensitive service-role key) — users must not expose service role keys to client-side NEXT_PUBLIC variables or commit them to VCS.
Persistence & Privilege
The skill does not request persistent or global privileges. always is false and it does not attempt to modify other skills or system-wide agent settings. It runs commands only when invoked by the user (or by agent invocation, which is standard).
Assessment
This skill appears to do what it claims (scaffold Next.js projects, generate migrations, and drive Vercel deployments), but review before use:
1) Verify source/origin — package.json points to a GitHub repo but the skill listing has no homepage; prefer installing from a known repo.
2) Inspect the generated .env.local and never put SUPABASE service-role keys where they will be exposed to the client (NEXT_PUBLIC_ prefix).
3) Expect the CLI to run npx/create-next-app, npm install, git init, and vercel link/deploy — run it in a disposable project or VM if you’re cautious.
4) Note the minor docs/code mismatch on which Supabase key is required (anon vs service key) — ensure you provide the correct key for the intended operation.
5) Check what you paste into the Vercel link prompts and review pasted environment variables before pushing them to any dashboard.
If you want higher assurance, locate and review the upstream repo (studiohakke) and run the CLI in an isolated environment first.
Like a lobster shell, security has layers — review code before you run it.
latest vk97bppnvsb8btqtyzptfm7rgj181h7ja
Runtime requirements
🚀 Clawdis
Bins: node, npm, vercel, npx
