← 返回 Skills 市场
Ecosincronia Supabase
作者
EcosincronIA
· GitHub ↗
· v1.0.1
· MIT-0
313
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install ecosincronia-supabase
功能描述
Connect to Supabase for database operations, vector search, and storage. Use for storing data, running SQL queries, similarity search with pgvector, and mana...
使用说明 (SKILL.md)
Supabase CLI
Interact with Supabase projects: queries, CRUD, vector search, and table management.
Setup
# Required
export SUPABASE_URL="https://yourproject.supabase.co"
export SUPABASE_SERVICE_KEY="eyJhbGciOiJIUzI1NiIs..."
# Optional: for management API
export SUPABASE_ACCESS_TOKEN="sbp_xxxxx"
Quick Commands
# SQL query
{baseDir}/scripts/supabase.sh query "SELECT * FROM users LIMIT 5"
# Insert data
{baseDir}/scripts/supabase.sh insert users '{"name": "John", "email": "[email protected]"}'
# Select with filters
{baseDir}/scripts/supabase.sh select users --eq "status:active" --limit 10
# Update
{baseDir}/scripts/supabase.sh update users '{"status": "inactive"}' --eq "id:123"
# Delete
{baseDir}/scripts/supabase.sh delete users --eq "id:123"
# Vector similarity search
{baseDir}/scripts/supabase.sh vector-search documents "search query" --match-fn match_documents --limit 5
# List tables
{baseDir}/scripts/supabase.sh tables
# Describe table
{baseDir}/scripts/supabase.sh describe users
Commands Reference
query - Run raw SQL
{baseDir}/scripts/supabase.sh query "\x3CSQL>"
# Examples
{baseDir}/scripts/supabase.sh query "SELECT COUNT(*) FROM users"
{baseDir}/scripts/supabase.sh query "CREATE TABLE items (id serial primary key, name text)"
{baseDir}/scripts/supabase.sh query "SELECT * FROM users WHERE created_at > '2024-01-01'"
select - Query table with filters
{baseDir}/scripts/supabase.sh select \x3Ctable> [options]
Options:
--columns \x3Ccols> Comma-separated columns (default: *)
--eq \x3Ccol:val> Equal filter (can use multiple)
--neq \x3Ccol:val> Not equal filter
--gt \x3Ccol:val> Greater than
--lt \x3Ccol:val> Less than
--like \x3Ccol:val> Pattern match (use % for wildcard)
--limit \x3Cn> Limit results
--offset \x3Cn> Offset results
--order \x3Ccol> Order by column
--desc Descending order
# Examples
{baseDir}/scripts/supabase.sh select users --eq "status:active" --limit 10
{baseDir}/scripts/supabase.sh select posts --columns "id,title,created_at" --order created_at --desc
{baseDir}/scripts/supabase.sh select products --gt "price:100" --lt "price:500"
insert - Insert row(s)
{baseDir}/scripts/supabase.sh insert \x3Ctable> '\x3Cjson>'
# Single row
{baseDir}/scripts/supabase.sh insert users '{"name": "Alice", "email": "[email protected]"}'
# Multiple rows
{baseDir}/scripts/supabase.sh insert users '[{"name": "Bob"}, {"name": "Carol"}]'
update - Update rows
{baseDir}/scripts/supabase.sh update \x3Ctable> '\x3Cjson>' --eq \x3Ccol:val>
# Example
{baseDir}/scripts/supabase.sh update users '{"status": "inactive"}' --eq "id:123"
{baseDir}/scripts/supabase.sh update posts '{"published": true}' --eq "author_id:5"
upsert - Insert or update
{baseDir}/scripts/supabase.sh upsert \x3Ctable> '\x3Cjson>'
# Example (requires unique constraint)
{baseDir}/scripts/supabase.sh upsert users '{"id": 1, "name": "Updated Name"}'
delete - Delete rows
{baseDir}/scripts/supabase.sh delete \x3Ctable> --eq \x3Ccol:val>
# Example
{baseDir}/scripts/supabase.sh delete sessions --lt "expires_at:2024-01-01"
vector-search - Similarity search with pgvector
{baseDir}/scripts/supabase.sh vector-search \x3Ctable> "\x3Cquery>" [options]
Options:
--match-fn \x3Cname> RPC function name (default: match_\x3Ctable>)
--limit \x3Cn> Number of results (default: 5)
--threshold \x3Cn> Similarity threshold 0-1 (default: 0.5)
--embedding-model \x3Cm> Model for query embedding (default: uses OpenAI)
# Example
{baseDir}/scripts/supabase.sh vector-search documents "How to set up authentication" --limit 10
# Requires a match function like:
# CREATE FUNCTION match_documents(query_embedding vector(1536), match_threshold float, match_count int)
tables - List all tables
{baseDir}/scripts/supabase.sh tables
describe - Show table schema
{baseDir}/scripts/supabase.sh describe \x3Ctable>
rpc - Call stored procedure
{baseDir}/scripts/supabase.sh rpc \x3Cfunction_name> '\x3Cjson_params>'
# Example
{baseDir}/scripts/supabase.sh rpc get_user_stats '{"user_id": 123}'
Vector Search Setup
1. Enable pgvector extension
CREATE EXTENSION IF NOT EXISTS vector;
2. Create table with embedding column
CREATE TABLE documents (
id bigserial PRIMARY KEY,
content text,
metadata jsonb,
embedding vector(1536)
);
3. Create similarity search function
CREATE OR REPLACE FUNCTION match_documents(
query_embedding vector(1536),
match_threshold float DEFAULT 0.5,
match_count int DEFAULT 5
)
RETURNS TABLE (
id bigint,
content text,
metadata jsonb,
similarity float
)
LANGUAGE plpgsql
AS $$
BEGIN
RETURN QUERY
SELECT
documents.id,
documents.content,
documents.metadata,
1 - (documents.embedding \x3C=> query_embedding) AS similarity
FROM documents
WHERE 1 - (documents.embedding \x3C=> query_embedding) > match_threshold
ORDER BY documents.embedding \x3C=> query_embedding
LIMIT match_count;
END;
$$;
4. Create index for performance
CREATE INDEX ON documents
USING ivfflat (embedding vector_cosine_ops)
WITH (lists = 100);
Environment Variables
| Variable | Required | Description |
|---|---|---|
| SUPABASE_URL | Yes | Project URL (https://xxx.supabase.co) |
| SUPABASE_SERVICE_KEY | Yes | Service role key (full access) |
| SUPABASE_ANON_KEY | No | Anon key (restricted access) |
| SUPABASE_ACCESS_TOKEN | No | Management API token |
| OPENAI_API_KEY | No | For generating embeddings |
Notes
- Service role key bypasses RLS (Row Level Security)
- Use anon key for client-side/restricted access
- Vector search requires pgvector extension
- Embeddings default to OpenAI text-embedding-ada-002 (1536 dimensions)
安全使用建议
This skill contains a runnable shell script that uses your Supabase service role key and (for vector search) sends text to OpenAI. Before installing: 1) Inspect scripts/supabase.sh yourself (you have the file) to ensure it matches your expectations. 2) Do not supply a production SUPABASE_SERVICE_KEY unless you trust and audit the script — prefer a least-privilege key or a dedicated project. 3) Be aware vector-search will transmit query text to OpenAI (you must provide OPENAI_API_KEY); if that is a privacy concern, disable vector-search or remove that code. 4) Ensure the host has curl and jq available; the script will fail otherwise. 5) If you proceed, run in an isolated environment or with limited credentials and consider adding network controls or logging to monitor outbound calls to api.openai.com. If the publisher can update the manifest to declare OPENAI_API_KEY and the required binaries, that would resolve the main inconsistencies.
功能分析
Type: OpenClaw Skill
Name: ecosincronia-supabase
Version: 1.0.1
The skill provides a Supabase CLI wrapper in `scripts/supabase.sh` for database operations, including raw SQL execution and vector search. While aligned with its stated purpose, the script contains vulnerabilities due to a lack of input sanitization and URL encoding when constructing API requests (e.g., in the `build_filters` function), which could be exploited via parameter injection. Additionally, it requires the high-privilege `SUPABASE_SERVICE_KEY` (bypassing RLS) and provides a raw SQL execution path (`exec_sql`), representing a significant attack surface if the AI agent is targeted by prompt injection.
能力评估
Purpose & Capability
The skill's name/description match the code: it implements Supabase REST/RPC operations, table management, and pgvector similarity search. However the script depends on utilities (curl, jq) and an OPENAI_API_KEY for embeddings which are not declared in the registry metadata's required envs or required binaries. Those omissions are inconsistent with the stated manifest and should have been declared.
Instruction Scope
Runtime instructions and the shell script perform full-database operations (raw SQL via an exec_sql RPC, inserts/updates/deletes), list/describe tables, and perform vector searches. Vector search code sends text to OpenAI's embeddings API (network call to api.openai.com) which transmits user data outside the Supabase project — this is in-scope for vector search but is a privacy/exfiltration consideration and the OpenAI credential requirement is not consistently declared in metadata. The script also assumes availability of jq and curl; SKILL.md/metadata do not require those binaries.
Install Mechanism
There is no install spec (instruction-only plus an included script). No external archives or downloads are performed by the skill itself. This minimizes installer risk, but the included script will be written to disk by the skill bundle.
Credentials
The declared required env vars (SUPABASE_URL, SUPABASE_SERVICE_KEY) are expected for server-side management, but SUPABASE_SERVICE_KEY is a service-role key with full access — this is powerful and must be handled carefully. The script also requires OPENAI_API_KEY for embeddings (and potentially other vars like SUPABASE_ANON_KEY/SUPABASE_ACCESS_TOKEN are suggested as optional), but OPENAI_API_KEY is not listed in the registry's required envs metadata. The omission of this sensitive credential from the manifest is a notable inconsistency.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent platform privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ecosincronia-supabase - 安装完成后,直接呼叫该 Skill 的名称或使用
/ecosincronia-supabase触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Internal metadata updated (no user-facing changes).
- All features and CLI behaviors remain unchanged.
v1.0.0
- Initial release of the Supabase skill for database operations, vector search, and storage management.
- Provides CLI commands for SQL queries, CRUD operations, table management, and vector similarity search using pgvector.
- Includes setup instructions for environment variables and Supabase project configuration.
- Offers guides for enabling vector search, including schema and function setup.
- Supports options for advanced filtering, embedding models, and stored procedure calls.
元数据
常见问题
Ecosincronia Supabase 是什么?
Connect to Supabase for database operations, vector search, and storage. Use for storing data, running SQL queries, similarity search with pgvector, and mana... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 313 次。
如何安装 Ecosincronia Supabase?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ecosincronia-supabase」即可一键安装,无需额外配置。
Ecosincronia Supabase 是免费的吗?
是的,Ecosincronia Supabase 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ecosincronia Supabase 支持哪些平台?
Ecosincronia Supabase 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ecosincronia Supabase?
由 EcosincronIA(@ecosincronia)开发并维护,当前版本 v1.0.1。
推荐 Skills