Trust Assessment
supabase received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 2 high, 2 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Skill requires full Supabase admin (service_role) key", and "Skill designed to retrieve and display sensitive user PII".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 31/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Skill requires full Supabase admin (service_role) key.** The skill explicitly states and requires the Supabase `service_role` key, which grants full administrative access to the Supabase project. This level of access is excessive for the stated purpose of 'user analytics' and poses a significant risk if the skill or the environment it runs in is compromised. The `call_rpc` command further allows arbitrary RPC function execution with this high privilege. Recommendation: Implement a least-privilege approach. Create a dedicated Supabase role with read-only access specifically to the `auth.users` table and any other necessary tables/views, and use a key associated with that role instead of the `service_role` key. Remove or restrict the `call_rpc` command if not strictly necessary for core functionality. | LLM | SKILL.md:30 |
| HIGH | **Skill designed to retrieve and display sensitive user PII.** The `list-users` command and related functions (`list_users`, `users_today`, `users_week`) are designed to retrieve and display sensitive user information, including email addresses, names, and signup dates. While this is the skill's intended functionality, it represents a direct exfiltration of Personally Identifiable Information (PII) from the Supabase database. If the skill's output is not securely handled by the consuming agent or if the agent is compromised, this data could be exposed. Recommendation: Ensure that the LLM and any downstream systems handling the skill's output are configured with robust data handling policies, PII redaction, and access controls. Consider adding options to redact sensitive fields by default or require explicit user confirmation for displaying PII. | LLM | scripts/supabase.py:120 |
| HIGH | **Arbitrary Supabase RPC function execution via `call-rpc` command.** The `call-rpc` command in `scripts/supabase.py` allows users to specify an arbitrary `function_name` and `payload` to be executed as a Supabase Remote Procedure Call (RPC). When combined with the `service_role` key (which has full admin access), this enables the execution of any database function, potentially leading to data manipulation, deletion, or further exfiltration beyond the skill's stated purpose. This is a direct command injection equivalent within the Supabase context. Recommendation: Remove the `call-rpc` command if it's not essential for the skill's core functionality. If it must remain, implement strict validation and whitelisting of allowed `function_name` values and payload structures. Ensure the `service_role` key is not used for this command, or that the RPC functions themselves are secured with appropriate permissions. | LLM | scripts/supabase.py:250 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mvanhorn/supabase-users/scripts/supabase.py:19 |
| MEDIUM | **Skill handles and stores highly privileged Supabase `service_role` key.** The skill requires and handles the Supabase `service_role` key, which grants full administrative access. While the skill attempts to secure the stored configuration file (`~/.supabase_config.json`) with `0o600` permissions, the presence and handling of such a powerful credential within the skill's operational context (environment variables, local file) makes it a high-value target for attackers if the host system or the skill itself is compromised. Recommendation: Reiterate strong warnings about the sensitivity of the `service_role` key. Encourage users to use environment variables over file storage where possible, or to use a dedicated, less privileged key if the `service_role` is not strictly required for *all* skill functions. Implement secrets management best practices. | LLM | scripts/supabase.py:20 |
| LOW | **Unpinned `requests` dependency.** The `scripts/supabase.py` file imports the `requests` library without specifying a version in a `requirements.txt` or similar file. This means that when `pip3 install requests` is run, the latest version available will be installed. While `requests` is a widely trusted library, relying on unpinned dependencies can introduce vulnerabilities if a future version of the library contains a security flaw or breaking changes. Recommendation: Add a `requirements.txt` file to the skill package specifying a pinned version of `requests` (e.g., `requests==2.28.1`) to ensure consistent and secure dependency management. | LLM | scripts/supabase.py:10 |