← Back to Skills Marketplace
loutai0307-prog

Supabase Tool

by loutai0307-prog · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
85
Downloads
0
Stars
1
Active Installs
6
Versions
Install in OpenClaw
/install supabase-tool
Description
Generate Supabase API curl commands and SQL query helpers. Use when querying tables, counting rows, inserting records, checking database health, auditing RLS...
Usage Guidance
This skill appears coherent and low-risk: it only generates example curl commands and does not store or read secrets. Before using: (1) note the script requires bash, curl, and python3 even though the registry metadata omitted those; (2) carefully replace placeholders (YOUR_ACCESS_TOKEN, YOUR_ANON_KEY, YOUR_PROJECT_REF) locally — do not paste secrets into public chat; (3) inspect any generated curl command before running it to ensure you aren't sending sensitive data to an unexpected place. If you want extra assurance, run the printed curl commands from a local terminal rather than allowing any automated executor to run them for you.
Capability Analysis
Type: OpenClaw Skill Name: supabase-tool Version: 1.1.0 The skill is a Supabase command generator, but `scripts/script.sh` contains a shell injection vulnerability. The functions `cmd_query`, `cmd_select`, `cmd_count`, and `cmd_insert` use unquoted heredocs (`cat << EOF`) to interpolate user-provided arguments into the output. This allows for arbitrary command execution on the host if the input contains shell substitutions (e.g., `$(command)`). While the tool's logic appears intended for legitimate database management and lacks evidence of intentional malice or data exfiltration, the insecure handling of shell input makes it high-risk for exploitation.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The SKILL.md, help text, and scripts all implement a Supabase curl/SQL helper as described. Minor inconsistency: the registry metadata lists no required binaries, but SKILL.md and the script clearly require bash, curl, and python3 to format output.
Instruction Scope
Runtime instructions and the included script only generate curl commands and simple JSON formatting; they do not read local files, access environment variables, or send data to unexpected endpoints. All network endpoints referenced are Supabase domains or api.supabase.com as expected.
Install Mechanism
No install spec (instruction-only) and a single helper script is included. No downloads or archive extraction occur on install — low installation risk.
Credentials
The skill does not request or read any environment variables or credentials. It uses placeholder values (YOUR_PROJECT_REF, YOUR_ACCESS_TOKEN, YOUR_ANON_KEY) which the user must replace before running commands — this is appropriate for its purpose.
Persistence & Privilege
always is false and the skill does not modify agent/system configuration or claim persistent privileges. It only prints commands for the user to run manually.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install supabase-tool
  3. After installation, invoke the skill by name or use /supabase-tool
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Rewrite: generate API commands instead of executing them, no credentials required
v1.0.4
Fix: use standard env var names, remove local dir creation
v1.0.3
Fix: declare required env vars in description metadata
v1.0.2
Fix: add required credentials declaration to registry metadata
v1.0.1
Remove hardcoded table names, use generic API health check
v1.0.0
Initial release
Metadata
Slug supabase-tool
Version 1.1.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 6
Frequently Asked Questions

What is Supabase Tool?

Generate Supabase API curl commands and SQL query helpers. Use when querying tables, counting rows, inserting records, checking database health, auditing RLS... It is an AI Agent Skill for Claude Code / OpenClaw, with 85 downloads so far.

How do I install Supabase Tool?

Run "/install supabase-tool" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Supabase Tool free?

Yes, Supabase Tool is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Supabase Tool support?

Supabase Tool is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Supabase Tool?

It is built and maintained by loutai0307-prog (@loutai0307-prog); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments