moai-baas-supabase-ext
Audited by Socket on Mar 2, 2026
1 alert found:
Anomaly

The enterprise skill fragment aligns with its intended purpose (AI-assisted architecture, Context7 integration, edge functions, RLS, migrations). The primary security concerns center on credential handling (service role keys in edge contexts) and external-doc governance (Context7 data flows). No explicit malicious behavior is observed; however, the configuration patterns present meaningful risk if not mitigated.

Recommend:
(1) replace or isolate service-role access in edge environments with short-lived credentials or bound service accounts,
(2) implement strict secret management and environment-scoped access controls,
(3) enforce provenance and integrity checks for Context7 docs,
(4) enforce robust RBAC/RLS and minimize data broadcast payloads,
(5) add schema-validation and test coverage for Firebase-to-Supabase migrations.

Overall risk remains notable but non-malicious; with proper controls, the design is usable.

SecurityRisk ~0.65; malware ~0.22; obfuscated ~0.20; confidence ~0.77