mcp-installer
Fail
Audited by Socket on Mar 11, 2026
1 alert found:
Obfuscated File (HIGH)
references/mcps/supabase.md
The manifest itself contains no malicious code, but it documents running third-party code via npx with a high-privilege SUPABASE_ACCESS_TOKEN injected into the environment. This presents a supply-chain and credential-exposure risk: if the @supabase/mcp-server package or any of its dependencies are malicious or compromised, the token and managed projects/databases could be abused. Mitigations: obtain and audit the package source, pin versions, use least-privilege/time-limited tokens, and avoid exposing tokens in logs or unsecured environments.
Confidence: 98%
Audit Metadata