← 返回 Skills 市场
Supabase Tool
作者
loutai0307-prog
· GitHub ↗
· v1.1.0
· MIT-0
85
总下载
0
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install supabase-tool
功能描述
Generate Supabase API curl commands and SQL query helpers. Use when querying tables, counting rows, inserting records, checking database health, auditing RLS...
安全使用建议
This skill appears coherent and low-risk: it only generates example curl commands and does not store or read secrets. Before using: (1) note the script requires bash, curl, and python3 even though the registry metadata omitted those; (2) carefully replace placeholders (YOUR_ACCESS_TOKEN, YOUR_ANON_KEY, YOUR_PROJECT_REF) locally — do not paste secrets into public chat; (3) inspect any generated curl command before running it to ensure you aren't sending sensitive data to an unexpected place. If you want extra assurance, run the printed curl commands from a local terminal rather than allowing any automated executor to run them for you.
功能分析
Type: OpenClaw Skill
Name: supabase-tool
Version: 1.1.0
The skill is a Supabase command generator, but `scripts/script.sh` contains a shell injection vulnerability. The functions `cmd_query`, `cmd_select`, `cmd_count`, and `cmd_insert` use unquoted heredocs (`cat << EOF`) to interpolate user-provided arguments into the output. This allows for arbitrary command execution on the host if the input contains shell substitutions (e.g., `$(command)`). While the tool's logic appears intended for legitimate database management and lacks evidence of intentional malice or data exfiltration, the insecure handling of shell input makes it high-risk for exploitation.
能力标签
能力评估
Purpose & Capability
The SKILL.md, help text, and scripts all implement a Supabase curl/SQL helper as described. Minor inconsistency: the registry metadata lists no required binaries, but SKILL.md and the script clearly require bash, curl, and python3 to format output.
Instruction Scope
Runtime instructions and the included script only generate curl commands and simple JSON formatting; they do not read local files, access environment variables, or send data to unexpected endpoints. All network endpoints referenced are Supabase domains or api.supabase.com as expected.
Install Mechanism
No install spec (instruction-only) and a single helper script is included. No downloads or archive extraction occur on install — low installation risk.
Credentials
The skill does not request or read any environment variables or credentials. It uses placeholder values (YOUR_PROJECT_REF, YOUR_ACCESS_TOKEN, YOUR_ANON_KEY) which the user must replace before running commands — this is appropriate for its purpose.
Persistence & Privilege
always is false and the skill does not modify agent/system configuration or claim persistent privileges. It only prints commands for the user to run manually.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install supabase-tool - 安装完成后,直接呼叫该 Skill 的名称或使用
/supabase-tool触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Rewrite: generate API commands instead of executing them, no credentials required
v1.0.4
Fix: use standard env var names, remove local dir creation
v1.0.3
Fix: declare required env vars in description metadata
v1.0.2
Fix: add required credentials declaration to registry metadata
v1.0.1
Remove hardcoded table names, use generic API health check
v1.0.0
Initial release
元数据
常见问题
Supabase Tool 是什么?
Generate Supabase API curl commands and SQL query helpers. Use when querying tables, counting rows, inserting records, checking database health, auditing RLS... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 85 次。
如何安装 Supabase Tool?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install supabase-tool」即可一键安装,无需额外配置。
Supabase Tool 是免费的吗?
是的,Supabase Tool 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Supabase Tool 支持哪些平台?
Supabase Tool 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Supabase Tool?
由 loutai0307-prog(@loutai0307-prog)开发并维护,当前版本 v1.1.0。
推荐 Skills