supabase-automation

SUSPICIOUS: The skill’s capabilities mostly match its stated Supabase automation purpose, and the MCP endpoint appears to be an official Composio/Rube service rather than a random installer. However, it routes sensitive Supabase administration through a third-party intermediary, includes high-privilege actions like arbitrary SQL and API key retrieval, and its setup claim understates the real auth/trust model. This is not confirmed malware, but it carries meaningful security risk and should be treated as a high-trust admin integration.