Security Audit
supabase-automation
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
supabase-automation received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary SQL execution capability, Direct access to project API keys, Broad administrative and data access permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary SQL execution capability The skill exposes the `SUPABASE_BETA_RUN_SQL_QUERY` tool, which allows the execution of arbitrary PostgreSQL SQL statements. If an attacker can manipulate the `query` parameter, they could perform SQL injection attacks, leading to unauthorized data access, modification, deletion, or even database schema manipulation. While the skill suggests `read_only: true` for SELECTs, this does not prevent malicious write operations if `read_only` is not set or is overridden. Implement strict input validation and sanitization for the `query` parameter, especially if it can be influenced by untrusted user input. Consider limiting the types of SQL statements allowed (e.g., disallow DDL, DML for sensitive tables). If possible, use parameterized queries instead of direct string concatenation. Restrict the database user associated with this tool to the minimum necessary privileges (least privilege principle). | LLM | SKILL.md:50 | |
| CRITICAL | Direct access to project API keys The skill provides access to the `SUPABASE_GET_PROJECT_API_KEYS` tool, which directly returns sensitive API keys, including potentially service-role keys. Although the skill documentation warns against logging or persisting these keys, an LLM or a malicious user could instruct the tool to retrieve these keys and then exfiltrate them, leading to full compromise of the Supabase project. Re-evaluate the necessity of exposing this tool to the LLM. If absolutely required, implement strong access controls and auditing. Ensure the LLM is explicitly instructed and constrained to never output, log, or store these keys. Consider providing only masked or truncated versions of keys by default, requiring explicit confirmation for full key retrieval. | LLM | SKILL.md:90 | |
| HIGH | Broad administrative and data access permissions The skill grants access to a wide array of Supabase administrative and data manipulation tools, including arbitrary SQL execution (`SUPABASE_BETA_RUN_SQL_QUERY`), direct API key retrieval (`SUPABASE_GET_PROJECT_API_KEYS`), and comprehensive project/organization management. This broad scope means that if the LLM's instructions are compromised, or if the LLM misinterprets a request, it could lead to significant data breaches, service disruption, or full project compromise. The principle of least privilege is violated by providing such extensive capabilities without granular control. Implement a granular permission model for the tools. Only expose tools that are strictly necessary for the skill's intended function. For highly sensitive operations, consider requiring explicit human approval or multi-factor authentication. Restrict the scope of projects/organizations the skill can access. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/97c661404f16a2d5)
Powered by SkillShield