supabase-mastery
Audited by Socket on Feb 19, 2026
1 alert found:
Security [Skill Scanner]: Download or install from free hosting/deployment platform detected

All findings:
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]

This skill is documentation-only and contains standard, legitimate Supabase patterns for migrations, RLS, pgvector, and authentication. There is no evidence of malicious behavior or hidden data exfiltration. The primary security concern is operational: developers must protect SUPABASE_SERVICE_KEY (server-side secret) and ensure RLS policies are correctly configured so that anon (client) keys cannot access privileged data. Recommend adding explicit warnings about secure storage of service keys and never embedding them in client code.

LLM verification: This skill file is documentation/instructional material for legitimate Supabase usage (migrations, RLS, pgvector, and auth). It does not contain code that performs malicious actions. The primary security concern is the explicit use of the Supabase service role key in an example — a necessary but highly sensitive credential; the documentation should stress secure storage and never exposing it to clients. Static scanner flags (template literal and vercel.example URLs) are benign in this context. N