Supabase Manager

Security checks across malware telemetry and agentic risk

Overview

This Supabase database skill appears purpose-aligned, but it needs review because it can operate on live databases while its activation scope and credential persistence guidance are not tight enough.

Review before installing. Use a test Supabase project first, prefer restricted anon keys over service-role keys, avoid writing secrets into local config unless you understand where they are stored, and require explicit confirmation before any insert, update, delete, schema change, or raw SQL execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The skill states earlier that credentials are not stored to disk, but later instructs to store config locally. In this skill, local config may reasonably include the Supabase URL and anon key, creating a contradiction that can lead operators or downstream agents to persist credentials unintentionally.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger list includes broad terms such as 'database' and 'delete from', which can cause the skill to activate in contexts that are not clearly intended for Supabase operations. Because this skill performs live data operations, accidental activation increases the chance of unintended reads, writes, or destructive actions against a connected project.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal