← Back to Skills Marketplace
Supabase Ops
by
Guilherme Favaron
· GitHub ↗
· v0.1.2
· MIT-0
1772
Downloads
0
Stars
4
Active Installs
3
Versions
Install in OpenClaw
/install supabase-ops
Description
Manages Supabase migrations, types generation, RLS policies, and edge functions
Usage Guidance
This skill appears to do what it says (manage Supabase migrations and edge functions) but ask yourself the following before installing or giving it credentials:
- Do NOT provide your SUPABASE_SERVICE_ROLE_KEY to any automated skill unless you trust it and you understand the consequences. That key bypasses RLS and can read/modify all data.
- Prefer running the skill with only development-scoped credentials or on a throwaway environment first. For production, require manual approval and review the 'planning' output before letting the skill run any `db push` with a production DB URL.
- Verify the source repository and owner (claw.json references a GitHub URL but the published metadata's 'Homepage' is missing). Inspect the upstream code and commit history yourself if possible.
- Be aware the skill will modify your repository (create migration files, regenerate types, run git commit). Ensure you have backups or CI checks and review commits before pushing.
- The package metadata is inconsistent (registry metadata shows no required env vars while the included files require them). Treat that as a sign to be cautious and ask the publisher for clarification.
If you decide to proceed: provide least-privilege credentials, run the skill in a dev branch or staging project, require dry-runs and explicit confirmations for production, and review all generated migrations and commits before applying them to production.
Capability Analysis
Type: OpenClaw Skill
Name: supabase-ops
Version: 0.1.2
The supabase-ops skill is a legitimate tool for managing Supabase infrastructure, including migrations, RLS policies, and edge functions. It includes a robust 'Planning Protocol' and safety rules designed to prevent accidental data loss, and its use of sensitive environment variables (e.g., SUPABASE_SERVICE_ROLE_KEY) is strictly aligned with its stated purpose of database administration via the standard Supabase CLI (SKILL.md, claw.json).
Capability Assessment
Purpose & Capability
Name/description (Supabase migrations, types, RLS, edge functions) matches the SKILL.md instructions: creating migration files, running `npx supabase` commands, generating types, scaffolding and deploying edge functions. However, the registry summary at the top of the report lists no required env vars or binaries while the embedded claw.json and SKILL.md both require `npx`, `git` and three env vars (NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY). That metadata mismatch is inconsistent and unexplained.
Instruction Scope
SKILL.md explicitly instructs the agent to read and modify repo files (supabase/migrations/, src/lib/supabase/types.ts), run commands that alter a database (`npx supabase db push`), regenerate types, and commit changes. Those actions are in-scope for a migration tool, but they give the skill permission to modify the user's repository and apply schema changes. The doc also claims credentials are accessed exclusively via the Supabase CLI and that it never reads .env files — that is an instruction, not an enforceable guarantee; the agent can still access environment or files if available. The plan/approval protocol is good, but the agent's ability to run destructive operations (with the provided keys) means the instruction scope is high-impact and needs careful user approval before production runs.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That minimizes install-time risk because nothing is being downloaded or written by an installer. Runtime commands (npx, git) are relied on to be present on the host.
Credentials
The skill requires three environment values: NEXT_PUBLIC_SUPABASE_URL (declared as primaryEnv), NEXT_PUBLIC_SUPABASE_ANON_KEY, and SUPABASE_SERVICE_ROLE_KEY. The service role key is highly privileged (can bypass RLS and perform admin operations) and grants full DB access; it is appropriate for admin/deploy tasks but must be treated as a secret and scoped carefully. Using both public anon keys and the service role key is plausible but increases risk if the service role key is provided to an automated agent. Additionally, setting the URL as primaryEnv is odd (URL is not a secret) while the most-sensitive credential is not set as primaryEnv — a minor inconsistency. Finally, the top-level registry metadata claims no required env vars whereas claw.json and SKILL.md do; that mismatch is a red flag for sloppy metadata or potential attempt to hide required secrets.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable. claw.json includes permissions for filesystem and network which are expected for a migration helper but broaden the blast radius when combined with the service role key and autonomous invocation (the skill can be invoked by the agent). The skill will write migration files, regenerate types, and run git commits — legitimate but powerful. Because autonomous invocation is allowed by default, providing high-privilege credentials increases risk; there's no built-in forced gating beyond the planning protocol.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install supabase-ops - After installation, invoke the skill by name or use
/supabase-ops - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Initializes a changelog with the addition of a CHANGELOG.md file.
- No changes to core functionality; only documentation files were updated.
v0.1.1
No user-visible changes in this release.
- No file changes detected from the previous version.
- Behavior and documentation remain the same as in version 0.1.0.
v0.1.0
Initial release of the supabase-ops skill — automates and safeguards Supabase migrations, types, RLS, and edge functions for Next.js projects.
- Adds full protocol for planning, reviewing, and executing schema changes with built-in dry-run and risk warnings.
- Enforces migrations for all schema changes; direct database edits are never allowed.
- Requires all tables to use row-level security (RLS) by default, with templates for common policies.
- Automates TypeScript type generation after every migration and guides updating affected code.
- Provides workflows for safe operations in both development and production environments.
- Includes step-by-step procedures for managing migrations, RLS policies, edge functions, indexes, and seed data.
Metadata
Frequently Asked Questions
What is Supabase Ops?
Manages Supabase migrations, types generation, RLS policies, and edge functions. It is an AI Agent Skill for Claude Code / OpenClaw, with 1772 downloads so far.
How do I install Supabase Ops?
Run "/install supabase-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Supabase Ops free?
Yes, Supabase Ops is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Supabase Ops support?
Supabase Ops is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Supabase Ops?
It is built and maintained by Guilherme Favaron (@guifav); the current version is v0.1.2.
More Skills