Security Audit
supabase
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
supabase received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential for Command Injection in CLI arguments, Direct exposure of secrets and potential for data exfiltration, Broad access to Supabase project management.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential for Command Injection in CLI arguments The skill exposes numerous `supabase` CLI commands that accept parameters (e.g., project IDs, names, paths, SQL queries, secret names/values). If an agent directly interpolates untrusted user input into these parameters without proper sanitization, it could lead to command injection. This includes shell command injection (e.g., in file paths or names), and SQL injection (in `db execute`). For example, an attacker could inject malicious shell commands into `<local-path>` or `<function-name>`, or craft a malicious SQL query for `supabase db execute`. Implement robust input validation and sanitization for all user-provided arguments before constructing and executing shell commands. Use parameterized queries for SQL commands. Consider using a safer API wrapper instead of direct shell execution where possible, or strictly whitelist allowed inputs. | LLM | SKILL.md:30 | |
| CRITICAL | Direct exposure of secrets and potential for data exfiltration The skill includes the command `supabase secrets list` which directly exposes sensitive credentials. If an attacker can trigger this command, they can exfiltrate all configured secrets. Additionally, `supabase db execute` could be exploited via SQL injection to exfiltrate database contents, and `supabase storage cp ss:///<bucket>/<path> <local-path>` could be used to download files to arbitrary local paths, potentially leading to data exfiltration if the local path is attacker-controlled. Restrict access to sensitive commands like `supabase secrets list`. Implement strict access controls and authorization checks before executing any command that can expose or manipulate sensitive data. Ensure all file paths and SQL queries derived from user input are thoroughly validated and sanitized. | LLM | SKILL.md:96 | |
| HIGH | Broad access to Supabase project management The skill provides access to a wide range of powerful `supabase` CLI commands, including database schema manipulation (`db pull`, `db push`, `db reset`, `db diff`), function deployment, storage management, and secret management. An agent equipped with this skill would have extensive control over linked Supabase projects, potentially allowing for significant data modification, deletion, or infrastructure changes. This broad access increases the attack surface if the agent's execution environment is compromised or if its decision-making process is manipulated. Carefully evaluate the principle of least privilege. Only grant the agent access to the specific `supabase` CLI commands and functionalities absolutely necessary for its intended purpose. Consider implementing fine-grained access control within the agent's execution environment or using a more restricted Supabase API client instead of the full CLI. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/b245f78f6c78a4c6)
Powered by SkillShield