supabase-audit-tables-list
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File
Functionally, this skill performs legitimate enumeration of Supabase-exposed tables by querying the PostgREST/OpenAPI endpoint using an anon key and outputting findings. The main security risk is operational: mandatory, progressive local persistence of evidence (including examples that show headers and curl commands) and ambiguous 'auto-extract' behavior can cause accidental leakage of anon keys or other sensitive metadata. There is no direct evidence of malware or covert exfiltration to third-party domains, but the documented behavior is risky unless evidence files are redacted, stored securely, and auto-extraction is restricted or requires explicit consent. Recommend requiring explicit user approval before credential discovery, enforcing redaction of secrets in evidence, and adding secure storage/permissions guidance before using in non-isolated environments.