supabase-auth
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (CRITICAL): Detection of malicious URL 'supabase.auth.re' by automated scanner. This domain is blacklisted and likely used for phishing or credential theft, as it mimics official Supabase services but is not under their control.
- [CREDENTIALS_UNSAFE] (HIGH): The skill documentation encourages the use of highly sensitive environment variables such as 'SUPABASE_SERVICE_ROLE_KEY' and 'SUPABASE_DB_PASSWORD'. The service role key specifically allows full administrative access and bypasses all Row Level Security (RLS) policies, posing a high risk of total database compromise if keys are leaked or misused.
- [EXTERNAL_DOWNLOADS] (LOW): References to '@supabase/supabase-js' and the 'supabase' CLI. These findings are downgraded to LOW severity as 'supabase' is a recognized trusted organization per the [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata