supabase-server
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- Legacy Key Migration Guidance: The skill provides detailed instructions on moving from legacy environment variables like SUPABASE_ANON_KEY to modern, more granular API keys. This promotes better security practices by using updated credential management systems.
- Authentication Best Practices: It includes explicit warnings regarding the allow: 'always' authentication mode, instructing the agent to confirm the public nature of an endpoint with the user before implementation. It correctly suggests more secure alternatives like secret-key validation or signature verification for webhooks.
- Secure Secret Management: The documentation provides examples of using Supabase Vault and environment secrets for sensitive data like Stripe keys, ensuring credentials are not hardcoded or exposed in logs/database queries.
- Agent Behavior Guidance: The instruction to rely exclusively on provided documentation rather than searching the web is a practical constraint for a beta package. This helps prevent the agent from hallucinating or using outdated information from external sources while the package is under active development.
- Cross-Platform Security Contexts: The skill addresses security configurations across different environments (Deno, Node.js, Cloudflare Workers), such as the nodejs_compat flag and verify_jwt settings in supabase/config.toml, ensuring developers are aware of platform-specific security requirements.
Audit Metadata