supabase-server
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- Authentication Management: The skill introduces structured auth modes (user, public, secret, always) and provides clear warnings regarding the 'always' mode, which disables credential checks. This encourages explicit security decisions during development.
- Secret Management Integration: It promotes the use of environment variables and secure storage like Supabase Vault for sensitive keys, rather than hardcoding them in the source code. Examples include placeholders for Stripe and Supabase keys, adhering to secret management best practices.
- Request Processing Surface: As a server-side utility, the skill instructs the agent on handling incoming HTTP requests. While this involves processing data from headers and bodies, the recommended patterns utilize the package's built-in verification methods to handle these inputs securely.
- Migration Guidance: The skill includes instructions to identify legacy patterns, such as manual client creation with older keys, and migrate them to modern managed interfaces. This helps reduce the security overhead of maintaining older, more verbose implementations.
Audit Metadata