← Back to Skills Marketplace
Supabase Hakke
by
Bastian Berrios Alarcon
· GitHub ↗
· v1.1.0
461
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install supabase-hakke
Description
Supabase integration for Hakke Studio projects. Auth, database, storage, edge functions. Use with vercel skill for full-stack deployment.
Usage Guidance
This skill appears to be a legitimate Supabase how‑to for the author's Hakke project, but it contains author-specific paths and an explicit OAuth login email and references server-side secrets without declaring them. Before installing or running it: 1) do not provide any credentials unless you understand which key is needed (server_role keys are highly sensitive and should only be used in secure server environments); 2) remove or adapt hard-coded local paths and the example login email to your own environment; 3) treat the SKILL.md as documentation rather than an automated routine — running the 'supabase login' and CLI commands from the agent could attempt to use or modify your local files and environment; and 4) if you plan to allow the agent to invoke this skill autonomously, restrict it from accessing secrets or running CLI commands until you have sanitized the instructions. If you want a safer integration, ask the author to provide a cleaned, generalized SKILL.md that declares required env vars explicitly and removes author-specific artifacts.
Capability Analysis
Type: OpenClaw Skill
Name: supabase-hakke
Version: 1.1.0
The skill is classified as suspicious due to its explicit declaration of the `exec` tool, allowing it to execute arbitrary shell commands. While the commands themselves appear to be standard Supabase and Vercel CLI operations (e.g., `supabase login`, `supabase db push`, `vercel env add`), the capability to execute shell commands and handle sensitive environment variables (like `SUPABASE_SERVICE_ROLE_KEY`) inherently carries a high risk. There is no direct evidence of malicious intent, such as data exfiltration to unauthorized endpoints or instructions for the agent to perform harmful actions, but the powerful capabilities could be leveraged for abuse if the agent were compromised by an external prompt injection or if the skill's author had hidden malicious intent. The hardcoded path `/home/bastianberrios/proyectos/HAKKE/hakke-app` in `SKILL.md` is a minor robustness issue but not malicious.
Capability Assessment
Purpose & Capability
The name/description (Supabase integration for Hakke) aligns with the commands and SQL in SKILL.md, but the metadata and instructions include surprising items: the metadata 'requires' lists 'vercel' which is reasonable, however the SKILL.md references an author-specific project path (/home/bastianberrios/...) and a hard-coded login email ([email protected]). These author-specific artifacts are not justified by a generic Supabase integration and suggest the instructions are a direct dump of the maintainer's local workflow rather than a general-purpose skill.
Instruction Scope
The runtime instructions tell the agent to run CLI commands (supabase login, link, db push, functions deploy) and to place/expect env variables. They also reference a specific local path and instruct logging in with the author's OAuth account. The SKILL.md refers to sensitive keys (.env variables) and server-side operations (service_role key), but the skill declares no required env vars. The instructions therefore request access to secrets and local filesystem locations not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code, so nothing is written to disk by the skill itself. That keeps install risk low.
Credentials
The SKILL.md shows and expects sensitive environment variables (NEXT_PUBLIC_SUPABASE_ANON_KEY and SUPABASE_SERVICE_ROLE_KEY) and suggests operations that require the service_role key (server-side/admin tasks). However, the skill metadata declares no required credentials or primary credential. The absence of declared env requirements while the instructions clearly use/require secrets is a proportionality mismatch and a red flag for accidental or deliberate omission.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system modifications. It does declare use of an exec tool (invoking shell commands), which is expected for a CLI-focused integration, but there is no evidence it alters other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install supabase-hakke - After installation, invoke the skill by name or use
/supabase-hakke - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
- Major documentation update: expanded and refined SKILL.md with detailed usage instructions and code examples.
- Added sections for multi-tenant SaaS architecture, RLS policies, and subscription management.
- Included best practices, troubleshooting steps, and environment setup guidance.
- Clarified integration steps with Vercel and provided example client implementations for Next.js.
- Improved structure for easier onboarding and production-readiness for Hakke Studio projects.
Metadata
Frequently Asked Questions
What is Supabase Hakke?
Supabase integration for Hakke Studio projects. Auth, database, storage, edge functions. Use with vercel skill for full-stack deployment. It is an AI Agent Skill for Claude Code / OpenClaw, with 461 downloads so far.
How do I install Supabase Hakke?
Run "/install supabase-hakke" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Supabase Hakke free?
Yes, Supabase Hakke is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Supabase Hakke support?
Supabase Hakke is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Supabase Hakke?
It is built and maintained by Bastian Berrios Alarcon (@studio-hakke); the current version is v1.1.0.
More Skills