supabase-auth
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [SAFE] (SAFE): The skill consists of documentation and standard Javascript code snippets for Supabase integration. No malicious logic or instructions were found.
- [EXTERNAL_DOWNLOADS] (SAFE): References trusted npm packages:
supabase,@supabase/supabase-js,@supabase/ssr,next, andreact. These are official and reputable libraries. - [EXTERNAL_DOWNLOADS] (SAFE): An automated scanner flagged
supabase.auth.reas malicious. However, this string does not exist as a URL in the skill files. It is likely a false positive caused by the library namespacesupabase.authappearing near thereferences/directory name or methods such asrefreshSessionandresetPasswordForEmail. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were found. All documentation examples use standard placeholders for environment variables and JWT tokens.
- [COMMAND_EXECUTION] (SAFE): All included CLI commands (
supabase login,supabase link) are standard for the advertised functionality and pose no risk to the environment. - [DATA_EXFILTRATION] (SAFE): No unauthorized data access or exfiltration patterns were detected. The documentation correctly identifies security risks like exposing the service role key and promotes best practices like Row Level Security (RLS).
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata