Security Audit
supabase-automation
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
supabase-automation received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential for SQL Injection via Arbitrary SQL Execution, Exposure of Sensitive API Keys, Potential for Data Exfiltration via Database Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential for SQL Injection via Arbitrary SQL Execution The skill exposes the `SUPABASE_BETA_RUN_SQL_QUERY` tool, which allows the execution of arbitrary PostgreSQL SQL statements. If the LLM constructs SQL queries directly from untrusted user input without proper sanitization or parameterization, it could lead to SQL injection vulnerabilities. An attacker could manipulate the database, exfiltrate sensitive data, or perform unauthorized operations. Instruct the LLM to always sanitize or parameterize any user-provided input before incorporating it into SQL queries. Prefer using `SUPABASE_SELECT_FROM_TABLE` for read operations and only use `SUPABASE_BETA_RUN_SQL_QUERY` when absolutely necessary, with `read_only: true` for non-mutating operations. Emphasize the importance of validating and escaping all dynamic parts of SQL queries. | LLM | SKILL.md:60 | |
| HIGH | Exposure of Sensitive API Keys The skill provides access to the `SUPABASE_GET_PROJECT_API_KEYS` tool, which returns live service-role API keys. Although the documentation explicitly warns against logging, displaying, or persisting these keys, there is a high risk of credential exposure if the LLM is prompted to output this information to the user or an insecure channel, or if it fails to handle the output securely. Reinforce the instruction for the LLM to never log, display, or persist the full values of API keys obtained through `SUPABASE_GET_PROJECT_API_KEYS`. If displaying is absolutely necessary, only show truncated or masked versions. Consider restricting the use of this tool to highly privileged contexts or implementing additional safeguards within the LLM's operational logic to prevent accidental exposure. | LLM | SKILL.md:90 | |
| MEDIUM | Potential for Data Exfiltration via Database Access The skill provides extensive capabilities to query and manage Supabase database tables, including selecting data, inspecting schemas, and executing arbitrary SQL. While the primary purpose of the skill is data interaction, there is an inherent risk of data exfiltration if the LLM is prompted to retrieve sensitive information from the database and then output it to an unauthorized user or channel. Instruct the LLM to exercise caution when retrieving and presenting data, especially from sensitive tables. It should confirm the user's intent and authorization before exposing potentially private or confidential information. Implement policies to limit the amount and type of data returned to the user unless explicitly requested and justified. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/67441e90958223b5)
Powered by SkillShield