← 返回 Skills 市场
338
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install supabase-skills
功能描述
Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, Storage, and TypeScript type generation via a local CLI. Run uv run...
安全使用建议
This package appears to implement what it says (a Volcengine Supabase CLI), but the registry metadata omits the required Volcengine credentials and the requirements install a Python SDK directly from a third‑party GitHub repo. Before installing: (1) verify you trust the GitHub repo referenced in requirements.txt or pin/replace it with an official SDK; (2) do not provide production VOLCENGINE_ACCESS_KEY/SECRET_KEY to untrusted code—test in a safe/non-production account or use limited-permission credentials; (3) be aware the CLI can read any local file paths you pass (SQL, source code) and will transmit those contents to Volcengine endpoints; (4) note the code may try to obtain temporary credentials via a vefaas IAM helper if present—avoid running in environments where that could expose broader credentials. If the missing required-env metadata concerns you, ask the publisher to update the manifest to declare VOLCENGINE_ACCESS_KEY and VOLCENGINE_SECRET_KEY (and any other env vars) explicitly and to justify the git dependency.
功能分析
Type: OpenClaw Skill
Name: volcengine-supabase
Version: 1.0.0
The skill bundle provides powerful administrative capabilities for Volcengine Supabase, including arbitrary SQL execution (database_tools.py), Edge Function deployment (edge_function_tools.py), and the retrieval of sensitive service role keys (workspace_tools.py). While these align with the stated purpose, the requirements.txt file specifies a dependency on a personal GitHub fork of the Volcengine SDK (github.com/sjcsjcsjc/volcengine-python-sdk), which introduces a significant supply chain risk. The inclusion of a '--reveal' flag in the get-keys action (call_volcengine_supabase.py) further increases the risk of credential exfiltration if the AI agent is successfully manipulated via prompt injection.
能力评估
Purpose & Capability
Name/description align with the code: the bundle implements a CLI (scripts/call_volcengine_supabase.py) to list/manage workspaces, branches, DB, Edge Functions, and Storage on Volcengine Supabase. However, registry metadata claims no required environment variables while SKILL.md and the code clearly require VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET_KEY (and optionally other SUPABASE_* env vars). That metadata mismatch is misleading.
Instruction Scope
SKILL.md instructs running the included Python CLI via 'uv run' or python. The runtime instructions and examples match the actual code paths. The CLI accepts file arguments (e.g. --query-file, --source-file) and will read those files locally, and it will send content (SQL, source files, import maps) to remote Volcengine endpoints — this is expected for the stated capability. Note: the code will also attempt to obtain credentials from a vefaas IAM helper if present, which expands how credentials can be acquired at runtime.
Install Mechanism
No install script is included (instruction-only install), but requirements.txt declares dependencies including a git+https pip install of 'git+https://github.com/sjcsjcsjc/volcengine-python-sdk.git@<commit>'. Installing directly from a third‑party GitHub repo (not an official release host) is a moderate risk and should be reviewed. No arbitrary binary downloads or extract steps were found.
Credentials
The code legitimately needs Volcengine credentials (VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) to call APIs and may use VOLCENGINE_SESSION_TOKEN or vefaas IAM to obtain temporary creds. The registry metadata omitted these required env vars and listed no primary credential — that mismatch is problematic. No unrelated credentials are requested, but the automatic vefaas IAM credential fetch behavior should be considered before running in shared/sensitive environments.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It runs as a CLI and uses included code; autonomous invocation (default) is allowed but not combined with other privileged flags.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install supabase-skills - 安装完成后,直接呼叫该 Skill 的名称或使用
/supabase-skills触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of volcengine-supabase.
- Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, and Storage via local CLI commands.
- Provides real-time results by invoking scripts/call_volcengine_supabase.py.
- Supports common operations such as workspace listing, SQL execution, migration management, Edge Function deployment, and storage bucket creation.
- Includes detailed instructions, usage examples, and best practices for safe and effective management.
- Offers references and guides for application integration, schema design, RLS, and Edge Function development.
元数据
常见问题
Volcengine Supabase 是什么?
Manage Volcengine Supabase workspaces, branches, SQL queries, migrations, Edge Functions, Storage, and TypeScript type generation via a local CLI. Run uv run... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 338 次。
如何安装 Volcengine Supabase?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install supabase-skills」即可一键安装,无需额外配置。
Volcengine Supabase 是免费的吗?
是的,Volcengine Supabase 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Volcengine Supabase 支持哪些平台?
Volcengine Supabase 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 Volcengine Supabase?
由 Tech(@techstylex)开发并维护,当前版本 v1.0.0。
推荐 Skills