supabase-agent-skills

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the supabase/agent-skills package using npx. This targets the official repository of Supabase, a well-known service.
  • [REMOTE_CODE_EXECUTION]: The use of npx skills add supabase/agent-skills involves downloading and executing code from the Supabase organization on GitHub/NPM. As Supabase is a trusted vendor and the repository is official, this is considered standard installation behavior.
  • [COMMAND_EXECUTION]: Provides commands for environment verification (node -v, npm -v) and Claude plugin management. These are benign and intended for project setup.
  • [CREDENTIALS_UNSAFE]: The skill explicitly advises against hardcoding tokens and recommends using environment variables or secret managers, adhering to security best practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — supabase-agent-skills