Next-Supabase-Vercel Bundle
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: next-supabase-vercel-bundle
Version: 1.0.0
The skill bundle is a legitimate development orchestrator for Next.js, Supabase, and Vercel. It automates project setup, generates boilerplate code and SQL migration files, and guides the user through manual configuration steps in the Supabase and Vercel dashboards. All `execSync` calls in `src/commands/*.js` are for standard development tools (`npx`, `npm`, `vercel`) and use `stdio: 'inherit'` for transparency. Crucially, despite a potentially misleading statement in `SKILL.md` about 'automatic migration execution', the `src/commands/db.js` and `src/commands/storage.js` files explicitly instruct the user to run SQL migrations and configure RLS policies manually in the Supabase dashboard. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the AI agent. The handling of `SUPABASE_SERVICE_KEY` is confined to generated server-side client code, which is appropriate for its intended use.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental project name could cause commands to run on the user's machine during project creation.
The project name comes from the CLI argument and is joined into a shell command string. If an agent or user supplies a name containing shell metacharacters, it can execute unintended local commands.
Evidence:
const createNextAppCommand = ['npx', 'create-next-app@latest', projectName, ...];
execSync(createNextAppCommand.join(' '), { stdio: 'inherit' });
Recommendation: Use spawn/execFile with argument arrays, validate project names against a strict safe pattern, quote paths safely, and avoid building shell strings from user input.
If an untrusted value is used for the port, it could run extra shell commands instead of only starting the dev server.
The port option is inserted directly into a shell command without numeric validation or argument escaping.
Evidence:
execSync(`npm run dev -- --port ${options.port}`, { stdio: 'inherit' });
Recommendation: Validate the port as an integer in an allowed range and invoke npm using spawn/execFile arguments rather than a shell-interpolated string.
The agent could publish or link the current project in the user's Vercel account before the user has reviewed the deployment target.
The deploy command can link and deploy using the user's Vercel CLI session, including a --yes link operation, without showing or confirming the exact account, team, project, or deployment target.
Evidence:
execSync('vercel link --yes', { stdio: 'inherit' });
...
execSync(`vercel deploy ${deployFlags}`, { stdio: 'inherit' });
Recommendation: Require explicit user confirmation before linking or deploying, display the Vercel account/team/project/environment, and avoid --yes unless the user has approved the exact action.
If the service key is exposed or committed, it can give broad access to the Supabase project.
The generated environment template asks for a Supabase service-role key, which is a high-privilege credential. This is purpose-aligned for server-side Supabase operations, but the registry metadata declares no primary credential or required env vars.
Evidence:
SUPABASE_SERVICE_KEY=your_service_role_key_here
Recommendation: Treat the service-role key as a secret, never expose it to client-side code, keep it out of git, and declare the credential requirement clearly in metadata.
The generated project may execute newly downloaded package code during setup, so compromise or changes upstream could affect the user's machine.
The scaffolding flow downloads and runs npm-sourced tooling/packages at runtime, including an @latest package. This is expected for a project generator, but it relies on current npm supply-chain state.
Evidence:
'npx', 'create-next-app@latest'
...
const installCommand = `cd ${projectPath} && npm install @supabase/supabase-js @supabase/ssr`;
Recommendation: Pin versions where practical, document the packages that will be executed, and let users review the command before running it.
