ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Volcengine Supabase

v1.0.0

Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, Storage, and TypeScript type generation via a local CLI. Run uv run...

0· 322·0 current·0 all-time
byTech@techstylex

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for techstylex/supabase-skills.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Volcengine Supabase" (techstylex/supabase-skills) from ClawHub.
Skill page: https://clawhub.ai/techstylex/supabase-skills
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install supabase-skills

ClawHub CLI

Package manager switcher

npx clawhub@latest install supabase-skills
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code: the bundle implements a CLI (scripts/call_volcengine_supabase.py) to list/manage workspaces, branches, DB, Edge Functions, and Storage on Volcengine Supabase. However, registry metadata claims no required environment variables while SKILL.md and the code clearly require VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET_KEY (and optionally other SUPABASE_* env vars). That metadata mismatch is misleading.
Instruction Scope
SKILL.md instructs running the included Python CLI via 'uv run' or python. The runtime instructions and examples match the actual code paths. The CLI accepts file arguments (e.g. --query-file, --source-file) and will read those files locally, and it will send content (SQL, source files, import maps) to remote Volcengine endpoints — this is expected for the stated capability. Note: the code will also attempt to obtain credentials from a vefaas IAM helper if present, which expands how credentials can be acquired at runtime.
Install Mechanism
No install script is included (instruction-only install), but requirements.txt declares dependencies including a git+https pip install of 'git+https://github.com/sjcsjcsjc/volcengine-python-sdk.git@<commit>'. Installing directly from a third‑party GitHub repo (not an official release host) is a moderate risk and should be reviewed. No arbitrary binary downloads or extract steps were found.
!
Credentials
The code legitimately needs Volcengine credentials (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) to call APIs and may use VOLCENGINE_SESSION_TOKEN or vefaas IAM to obtain temporary creds. The registry metadata omitted these required env vars and listed no primary credential — that mismatch is problematic. No unrelated credentials are requested, but the automatic vefaas IAM credential fetch behavior should be considered before running in shared/sensitive environments.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It runs as a CLI and uses included code; autonomous invocation (default) is allowed but not combined with other privileged flags.
What to consider before installing
This package appears to implement what it says (a Volcengine Supabase CLI), but the registry metadata omits the required Volcengine credentials and the requirements install a Python SDK directly from a third‑party GitHub repo. Before installing: (1) verify you trust the GitHub repo referenced in requirements.txt or pin/replace it with an official SDK; (2) do not provide production VOLCENGINE_ACCESS_KEY/SECRET_KEY to untrusted code—test in a safe/non-production account or use limited-permission credentials; (3) be aware the CLI can read any local file paths you pass (SQL, source code) and will transmit those contents to Volcengine endpoints; (4) note the code may try to obtain temporary credentials via a vefaas IAM helper if present—avoid running in environments where that could expose broader credentials. If the missing required-env metadata concerns you, ask the publisher to update the manifest to declare VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY (and any other env vars) explicitly and to justify the git dependency.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧩 Clawdis
OSmacOS · Linux
Binsuv
latestvk979zagnt7z4h7zh3atwgrtb7582sstz
322downloads
0stars
1versions
Updated 4h ago
v1.0.0
MIT-0
macOS, Linux
Tech@techstylex
latest
Download

火山引擎 Supabase

本 Skill 用于在对话中充当火山引擎 Supabase 的智能运维与开发代理

它会:

  • 识别用户的 Supabase 自然语言需求
  • 直接调用 scripts/call_volcengine_supabase.py 获取实时结果
  • 基于返回结果做解释、排障和下一步建议

运行方式

# 方式 1:使用 uv(推荐)
uv run ./scripts/call_volcengine_supabase.py <action> [options]

# 方式 2:使用 python(需预装依赖)
python ./scripts/call_volcengine_supabase.py <action> [options]

前置条件

  • 必需环境变量:VOLCENGINE_ACCESS_KEYVOLCENGINE_SECRET_KEY(如果在沙箱环境/vefaas IAM 环境下运行,将自动获取临时凭证,可不配置环境变量)
  • 可选环境变量:VOLCENGINE_REGIONDEFAULT_WORKSPACE_IDREAD_ONLYSUPABASE_WORKSPACE_SLUGSUPABASE_ENDPOINT_SCHEME
  • 若未配置依赖,可先执行:uv pip install -r requirements.txtpip install -r requirements.txt

标准使用流程

  1. 先确认目标资源:workspace_idbranch_id
  2. 优先执行只读查询,确认现状
  3. 需要变更时,再执行写操作
  4. 变更后再次查询,确认结果已生效

常用命令示例

# 查看可访问的 workspace
uv run ./scripts/call_volcengine_supabase.py list-workspaces

# 查看 workspace 详情
uv run ./scripts/call_volcengine_supabase.py describe-workspace --workspace-id ws-xxxx

# 获取 workspace URL
uv run ./scripts/call_volcengine_supabase.py get-workspace-url --workspace-id ws-xxxx

# 查看分支
uv run ./scripts/call_volcengine_supabase.py list-branches --workspace-id ws-xxxx

# 执行 SQL
uv run ./scripts/call_volcengine_supabase.py execute-sql --workspace-id ws-xxxx --query "SELECT * FROM pg_tables LIMIT 5"

# 从文件执行 migration
uv run ./scripts/call_volcengine_supabase.py apply-migration --workspace-id ws-xxxx --name create_todos_table --query-file ./migration.sql

# 部署 Edge Function
uv run ./scripts/call_volcengine_supabase.py deploy-edge-function --workspace-id ws-xxxx --function-name hello --source-file ./index.ts

# 创建 Storage bucket
uv run ./scripts/call_volcengine_supabase.py create-storage-bucket --workspace-id ws-xxxx --bucket-name uploads --public

能力范围

工作区与分支

  • list-workspaces
  • describe-workspace
  • create-workspace
  • pause-workspace
  • restore-workspace
  • get-workspace-url
  • get-keys
  • list-branches
  • create-branch
  • delete-branch
  • reset-branch

数据库

  • execute-sql
  • list-tables
  • list-migrations
  • list-extensions
  • apply-migration
  • generate-typescript-types

Edge Functions / Storage

  • list-edge-functions
  • get-edge-function
  • deploy-edge-function
  • delete-edge-function
  • list-storage-buckets
  • create-storage-bucket
  • delete-storage-bucket
  • get-storage-config

应用开发参考

在使用本 Skill 管理 Supabase 资源的同时,以下文档提供应用开发场景的指导:

需求文档
将 Supabase 接入 TS/Python 应用(SDK 初始化 + CRUD)references/app-integration-guide.md
数据库表结构设计与迁移规范references/schema-guide.md
行级安全策略(RLS)配置references/rls-guide.md
Edge Function 编写与部署references/edge-function-dev-guide.md

💡 典型工作流:先用 CLI 创建 workspace / 建表 / 配置 RLS,再参考应用开发文档在业务代码中集成 Supabase SDK。

注意事项

  • 默认遵循“先查后改”
  • get-keys 默认脱敏,只有明确需要时才加 --reveal
  • reset-branch 会丢失未追踪变更,且后端当前会忽略 migration_version
  • READ_ONLY=true 时,所有写操作会被拒绝

参考资料

  • 工具说明:references/tool-reference.md
  • 操作流程:references/workflows.md
  • SQL 示例:references/sql-playbook.md
  • 应用集成:references/app-integration-guide.md
  • Schema 设计:references/schema-guide.md
  • RLS 策略:references/rls-guide.md
  • Edge Function 开发:references/edge-function-dev-guide.md

Comments

Loading comments...