supabase-nextjs
github.com/alinaqi/claude-bootstrap
Scanned Thu, 28 May 2026 17:30:31 GMT
Scan ID crawl-gm1y2y92pmkkegw4mdzfr3pq · 2ms
A
SCORE 95 / 100
Verdict: Safe to install
2 medium findings.
This skill ships without a capability manifest plus 1 other issue listed below.
0 critical0 high2 medium10 rules passed
Why grade A?
score · 95 / 100The current grade reflects 2 minor findings below all thresholds.
0 CRIT0 HIGH2 MED0 LOW
Already at the top grade — no further rules to pass.
Findings · ordered by severity
medNo capability manifest declaredThe skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.rule: no-manifest▾
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule:
no-manifestmedLink text shows "next.js" but points at supabase.comThe visible link text contains the domain `next.js`, but the URL actually targets `supabase.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "next.js" but points at supabase.com
The visible link text contains the domain `next.js`, but the URL actually targets `supabase.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
13Next.js App Router patterns with Supabase Auth and Drizzle ORM.
14
15**Sources:** [Supabase Next.js Guide](https://supabase.com/docs/guides/auth/server-side/nextjs) | [Drizzle + Supabase](https://supabase.com/docs/guides/database/drizzle)← text→next.js · href→supabase.com
16
17---
skillox.io/r/crawl-gm1y2y92pmkkegw4mdzfr3pq