supabase-query

clawhub:supabase-query

View source

85/100

First Seen

Feb 20, 2026

Last Scanned

Feb 22, 2026

Findings

Score

85/100

HIGH 1

LOW 1

Findings (2)

HIGH

Data transmission pattern EXFIL_003

exfiltration L213

Detects patterns indicating sensitive data being sent to external services

send credentials to

FIX

Restrict file reading to the project directory and block outbound network calls that include file contents. Implement file path validation to prevent directory traversal.

FP?

Likely FP if the tool legitimately reads project files and displays them to the user locally, without sending data to external services.

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L64

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://xxxxx.supabase.co"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).