Trust Assessment
supabase-rls-gen received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is a package name discrepancy in the usage instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Package name discrepancy in usage instructions: The skill's usage instructions recommend executing `npx ai-supabase-gen`, but the linked GitHub repository for the project is `github.com/lxgicstudios/supabase-schema-gen`. This discrepancy between the package name used in the `npx` command and the name in the official GitHub link could lead users to install and execute an unintended or potentially malicious package from npm, posing a significant supply chain risk. It's unclear if `ai-supabase-gen` is the correct package or if it's a typosquatting target. Clarify the correct package name to be executed via `npx`. Ensure the `npx` command refers to the package corresponding to the linked GitHub repository (`supabase-schema-gen`), or provide a clear explanation for the different names if intentional. If `ai-supabase-gen` is indeed the correct package, verify its legitimacy and ownership by LXGIC Studios and update the GitHub link to reflect the correct project. | LLM | SKILL.md:20 |