Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Byted Supabase
v1.0.0
Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, Storage, and TypeScript type generation via a local CLI. Run uv run...
⭐ 0· 42·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
Name/description, SKILL.md, and the bundled Python code all implement Volcengine Supabase management (workspaces, branches, SQL, Edge Functions, Storage). However, the registry metadata lists no required environment variables or primary credential, while SKILL.md and the code clearly require VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY (and can fetch temporary credentials from a vefaas IAM helper). The missing declaration of these sensitive env vars in the skill metadata is an incoherence that affects trust/permission reasoning.
Instruction Scope
Runtime instructions are explicit: run the included scripts via 'uv run' or python and pass actions/flags. The CLI reads local files (e.g., migration.sql, source files) when you supply file arguments and it can return API keys via get-keys (--reveal needed to show secrets). That behavior is consistent with the stated purpose, but the SKILL.md also instructs installing requirements manually (uv pip install -r requirements.txt) — so using the skill will typically cause additional code to be installed and executed locally. The instructions do not ask the agent to read unrelated host files, but user-supplied file paths will be read by the tool.
Install Mechanism
No automated install spec is declared (instruction-only), but a requirements.txt is included and the README suggests running pip install -r requirements.txt. The requirements reference a git+https URL to 'github.com/sjcsjcsjc/volcengine-python-sdk' rather than an official, well-known package repo — installing that pulls code from an external, user-controlled VCS URL which increases risk (supply-chain/execution of unreviewed code).
Credentials
The skill requires Volcengine credentials (VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY) and may obtain temporary credentials from a vefaas IAM helper if available. Those credentials are proportionate to managing Volcengine Supabase resources, but they are sensitive and the skill metadata did not declare them. The tool can also expose API keys via 'get-keys' (with a --reveal flag). Requesting broad Cloud API keys is reasonable for the purpose but needs clear, explicit declaration and user caution.
Persistence & Privilege
always:false and normal autonomous invocation settings (disable-model-invocation:false) are used. The skill does not request permanent platform-level privileges or declare 'always:true'. It does not appear to modify other skills or global agent settings. Running the bundled scripts will execute code in the current environment but there is no evidence of hidden persistence mechanisms in the provided files.
What to consider before installing
This skill implements a real Volcengine Supabase CLI and the included Python code matches the SKILL.md, but there are two red flags you should consider before installing or running it: (1) the skill actually requires VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY (and may fetch temporary credentials from vefaas IAM), yet the registry metadata didn't declare these sensitive env vars — treat any key you provide as powerful and limit its privileges and lifetime; (2) the requirements list pulls a volcengine SDK directly from a GitHub user repo (git+https), not an official vetted package — installing will execute unreviewed code from that repo. Recommended steps: review the included Python files yourself (they are bundled), run the tool in an isolated environment or container, avoid using long-lived or high-privilege keys (use least privilege or temporary creds), enable READ_ONLY first to test behavior, and only pip-install dependencies after you inspect the VCS dependency or replace it with a trusted SDK release. If you need higher assurance, ask the publisher for a canonical package source or an explicit list of required env vars in the registry metadata.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97a67xx4amg6qyh93pg7x3d0183q2af
Runtime requirements
🧩 Clawdis
OS: macOS · Linux
Bins: uv
