← 返回 Skills 市场
Supabase Hakke
作者
Bastian Berrios Alarcon
· GitHub ↗
· v1.1.0
461
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install supabase-hakke
功能描述
Supabase integration for Hakke Studio projects. Auth, database, storage, edge functions. Use with vercel skill for full-stack deployment.
安全使用建议
This skill appears to be a legitimate Supabase how‑to for the author's Hakke project, but it contains author-specific paths and an explicit OAuth login email and references server-side secrets without declaring them. Before installing or running it: 1) do not provide any credentials unless you understand which key is needed (server_role keys are highly sensitive and should only be used in secure server environments); 2) remove or adapt hard-coded local paths and the example login email to your own environment; 3) treat the SKILL.md as documentation rather than an automated routine — running the 'supabase login' and CLI commands from the agent could attempt to use or modify your local files and environment; and 4) if you plan to allow the agent to invoke this skill autonomously, restrict it from accessing secrets or running CLI commands until you have sanitized the instructions. If you want a safer integration, ask the author to provide a cleaned, generalized SKILL.md that declares required env vars explicitly and removes author-specific artifacts.
功能分析
Type: OpenClaw Skill
Name: supabase-hakke
Version: 1.1.0
The skill is classified as suspicious due to its explicit declaration of the `exec` tool, allowing it to execute arbitrary shell commands. While the commands themselves appear to be standard Supabase and Vercel CLI operations (e.g., `supabase login`, `supabase db push`, `vercel env add`), the capability to execute shell commands and handle sensitive environment variables (like `SUPABASE_SERVICE_ROLE_KEY`) inherently carries a high risk. There is no direct evidence of malicious intent, such as data exfiltration to unauthorized endpoints or instructions for the agent to perform harmful actions, but the powerful capabilities could be leveraged for abuse if the agent were compromised by an external prompt injection or if the skill's author had hidden malicious intent. The hardcoded path `/home/bastianberrios/proyectos/HAKKE/hakke-app` in `SKILL.md` is a minor robustness issue but not malicious.
能力评估
Purpose & Capability
The name/description (Supabase integration for Hakke) aligns with the commands and SQL in SKILL.md, but the metadata and instructions include surprising items: the metadata 'requires' lists 'vercel' which is reasonable, however the SKILL.md references an author-specific project path (/home/bastianberrios/...) and a hard-coded login email ([email protected]). These author-specific artifacts are not justified by a generic Supabase integration and suggest the instructions are a direct dump of the maintainer's local workflow rather than a general-purpose skill.
Instruction Scope
The runtime instructions tell the agent to run CLI commands (supabase login, link, db push, functions deploy) and to place/expect env variables. They also reference a specific local path and instruct logging in with the author's OAuth account. The SKILL.md refers to sensitive keys (.env variables) and server-side operations (service_role key), but the skill declares no required env vars. The instructions therefore request access to secrets and local filesystem locations not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code, so nothing is written to disk by the skill itself. That keeps install risk low.
Credentials
The SKILL.md shows and expects sensitive environment variables (NEXT_PUBLIC_SUPABASE_ANON_KEY and SUPABASE_SERVICE_ROLE_KEY) and suggests operations that require the service_role key (server-side/admin tasks). However, the skill metadata declares no required credentials or primary credential. The absence of declared env requirements while the instructions clearly use/require secrets is a proportionality mismatch and a red flag for accidental or deliberate omission.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system modifications. It does declare use of an exec tool (invoking shell commands), which is expected for a CLI-focused integration, but there is no evidence it alters other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install supabase-hakke - 安装完成后,直接呼叫该 Skill 的名称或使用
/supabase-hakke触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
- Major documentation update: expanded and refined SKILL.md with detailed usage instructions and code examples.
- Added sections for multi-tenant SaaS architecture, RLS policies, and subscription management.
- Included best practices, troubleshooting steps, and environment setup guidance.
- Clarified integration steps with Vercel and provided example client implementations for Next.js.
- Improved structure for easier onboarding and production-readiness for Hakke Studio projects.
元数据
常见问题
Supabase Hakke 是什么?
Supabase integration for Hakke Studio projects. Auth, database, storage, edge functions. Use with vercel skill for full-stack deployment. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 461 次。
如何安装 Supabase Hakke?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install supabase-hakke」即可一键安装,无需额外配置。
Supabase Hakke 是免费的吗?
是的,Supabase Hakke 完全免费(开源免费),可自由下载、安装和使用。
Supabase Hakke 支持哪些平台?
Supabase Hakke 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Supabase Hakke?
由 Bastian Berrios Alarcon(@studio-hakke)开发并维护,当前版本 v1.1.0。
推荐 Skills