Volcengine Db Supabase

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for managing Supabase-style databases, but it carries high-impact database authority, and at least one read-like command can still change the database.

Install only if you intend to let the agent administer a Volcengine AIDAP/Supabase workspace with privileged credentials. Require explicit user confirmation for writes and destructive actions, and keep `SUPABASE_SERVICE_ROLE_KEY`, database URLs, and Volcengine AK/SK out of logs and final summaries. Do not rely on `READ_ONLY=true` to make every apparently read-only command harmless: `list-migrations` can still create migration metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding:
The 'list-migrations' action performs CREATE SCHEMA and CREATE TABLE statements before reading migration history, so a read-like command mutates the target database. In a deployment/database-management skill, this is dangerous because callers may invoke a supposedly safe listing action in read-only or production contexts and unexpectedly alter state.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The invocation text is broad and encourages use for many database administration actions, including setup, branch management, API keys, connection info, SQL execution, migrations, and service activation, without crisp gating conditions. In an agent setting, broad triggers can cause the skill to activate in contexts where the user did not intend sensitive infrastructure or credential operations, leading to overreach and accidental exposure or modification.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The guide explicitly shows how to deploy an Edge Function with JWT verification disabled, making the endpoint publicly callable without any accompanying warning about authentication, abuse, or data exposure risks. In a database-management skill, this is dangerous because users may copy the command verbatim and unintentionally expose privileged logic or webhook handlers to unauthorized access.

Missing User Warnings

Severity: Low
Confidence: 77%
Finding:
The delete command is a destructive operation presented without any warning, confirmation guidance, or note about irreversibility. While not exploitable by itself, documentation that normalizes deletion without caution increases the chance of accidental service disruption or loss of deployed function behavior.

VirusTotal

65/65 vendors flagged this skill as clean.