moai-baas-supabase-ext
Audited by Socket on Mar 1, 2026
1 alert found:
Security: The skill content presents a coherent enterprise-oriented tool for AI-powered Supabase platform design, real-time orchestration, and migration workflows. Its architecture aligns with the stated purpose, leveraging Context7 for documentation, and providing Level 2/3 implementations for RLS, real-time subscriptions, and edge functions. However, there are notable security concerns: the edge function relies on a service role credential exposed via environment variables, external dependency sourcing without explicit pinning, and potential data-in-transit exposure if inputs aren’t strictly validated. These issues elevate risk from benign to suspicious, particularly around credential handling and supply-chain integrity. Overall, the codebase is plausibly aligned with its purpose but should be treated as suspicious-to-high-risk until secret-management and supply-chain safeguards are confirmed (secret handling, version pinning, input validation, and trusted dependency verification).