supabase-vercel-shop

SUSPICIOUS. The skill is mostly coherent for an e-commerce build guide and shows no direct malware or rogue installer behavior, but it grants broad execution/editing powers, uses wildcard Supabase MCP access, references a separate skill, and introduces a third-party Context7 MCP that can ingest external content and project context. Risk is moderate rather than malicious.