supabase-automation

SUSPICIOUS. The skill’s stated purpose matches its Supabase admin capabilities, but its trust model is weak: it routes sensitive credentials and high-impact operations through a third-party hosted MCP/Composio layer rather than official direct Supabase tooling. Broad admin scope plus access to live API keys and arbitrary SQL make the overall risk high even without confirmed malicious behavior.