nextjs-supabase
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]

Benign overall. The fragment describes conventional setup steps for a Next.js + Supabase project: cloning a public repo, optionally clearing git history, installing dependencies, and configuring environment credentials. The presence of .env.local instructions is standard for local development but requires careful handling of secrets. No malicious behavior is evident in the provided content.

LLM verification: The SKILL.md fragment documents a typical project bootstrap flow but includes unsafe/destructive shell commands (rm -rf .git and rm -rf _temp_template) and an error-prone dotfile move pattern (mv _temp_template/.*). Major supply-chain risk comes from running npm install and project scripts without guidance to verify dependency provenance, use lockfiles, or audit install scripts. There is no evidence in this fragment of explicit malware, hardcoded credentials, obfuscation, or network exfiltration