← Back to Skills Marketplace
338
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install supabase-skills
Description
Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, Storage, and TypeScript type generation via a local CLI. Run uv run...
Usage Guidance
This package appears to implement what it says (a Volcengine Supabase CLI), but the registry metadata omits the required Volcengine credentials and the requirements install a Python SDK directly from a third‑party GitHub repo. Before installing: (1) verify you trust the GitHub repo referenced in requirements.txt or pin/replace it with an official SDK; (2) do not provide production VOLCENGINE_ACCESS_KEY/SECRET_KEY to untrusted code—test in a safe/non-production account or use limited-permission credentials; (3) be aware the CLI can read any local file paths you pass (SQL, source code) and will transmit those contents to Volcengine endpoints; (4) note the code may try to obtain temporary credentials via a vefaas IAM helper if present—avoid running in environments where that could expose broader credentials. If the missing required-env metadata concerns you, ask the publisher to update the manifest to declare VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY (and any other env vars) explicitly and to justify the git dependency.
Capability Analysis
Type: OpenClaw Skill
Name: volcengine-supabase
Version: 1.0.0
The skill bundle provides powerful administrative capabilities for Volcengine Supabase, including arbitrary SQL execution (database_tools.py), Edge Function deployment (edge_function_tools.py), and the retrieval of sensitive service role keys (workspace_tools.py). While these align with the stated purpose, the requirements.txt file specifies a dependency on a personal GitHub fork of the Volcengine SDK (github.com/sjcsjcsjc/volcengine-python-sdk), which introduces a significant supply chain risk. The inclusion of a '--reveal' flag in the get-keys action (call_volcengine_supabase.py) further increases the risk of credential exfiltration if the AI agent is successfully manipulated via prompt injection.
Capability Assessment
Purpose & Capability
Name/description align with the code: the bundle implements a CLI (scripts/call_volcengine_supabase.py) to list/manage workspaces, branches, DB, Edge Functions, and Storage on Volcengine Supabase. However, registry metadata claims no required environment variables while SKILL.md and the code clearly require VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET_KEY (and optionally other SUPABASE_* env vars). That metadata mismatch is misleading.
Instruction Scope
SKILL.md instructs running the included Python CLI via 'uv run' or python. The runtime instructions and examples match the actual code paths. The CLI accepts file arguments (e.g. --query-file, --source-file) and will read those files locally, and it will send content (SQL, source files, import maps) to remote Volcengine endpoints — this is expected for the stated capability. Note: the code will also attempt to obtain credentials from a vefaas IAM helper if present, which expands how credentials can be acquired at runtime.
Install Mechanism
No install script is included (instruction-only install), but requirements.txt declares dependencies including a git+https pip install of 'git+https://github.com/sjcsjcsjc/volcengine-python-sdk.git@<commit>'. Installing directly from a third‑party GitHub repo (not an official release host) is a moderate risk and should be reviewed. No arbitrary binary downloads or extract steps were found.
Credentials
The code legitimately needs Volcengine credentials (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) to call APIs and may use VOLCENGINE_SESSION_TOKEN or vefaas IAM to obtain temporary creds. The registry metadata omitted these required env vars and listed no primary credential — that mismatch is problematic. No unrelated credentials are requested, but the automatic vefaas IAM credential fetch behavior should be considered before running in shared/sensitive environments.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It runs as a CLI and uses included code; autonomous invocation (default) is allowed but not combined with other privileged flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install supabase-skills - After installation, invoke the skill by name or use
/supabase-skills - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of volcengine-supabase.
- Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, and Storage via local CLI commands.
- Provides real-time results by invoking scripts/call_volcengine_supabase.py.
- Supports common operations such as workspace listing, SQL execution, migration management, Edge Function deployment, and storage bucket creation.
- Includes detailed instructions, usage examples, and best practices for safe and effective management.
- Offers references and guides for application integration, schema design, RLS, and Edge Function development.
Metadata
Frequently Asked Questions
What is Volcengine Supabase?
Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, Storage, and TypeScript type generation via a local CLI. Run uv run... It is an AI Agent Skill for Claude Code / OpenClaw, with 338 downloads so far.
How do I install Volcengine Supabase?
Run "/install supabase-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Volcengine Supabase free?
Yes, Volcengine Supabase is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Volcengine Supabase support?
Volcengine Supabase is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Volcengine Supabase?
It is built and maintained by Tech (@techstylex); the current version is v1.0.0.
More Skills