Found 12 Skills
Apply Supabase security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Supabase security configuration. Trigger with phrases like "supabase security", "supabase secrets", "secure supabase", "supabase API key security".
Supabase security and performance guidelines with Clerk authentication integration. Contains 40+ rules across 10 categories covering RLS policies, Clerk setup, database security, and more.
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
Attempt to read data from exposed tables to verify actual data exposure and RLS effectiveness.
Orchestrate a complete Supabase security audit with guided step-by-step execution and ownership confirmation.
Quick reference for all Supabase security audit skills with usage examples and command overview.
Generate a comprehensive Markdown security audit report with executive summary, findings, and remediation guidance.
CRITICAL - Detect exposed PostgreSQL database connection strings in client-side code. Direct DB access is a P0 issue.
Attempt to list and read files from storage buckets to verify access controls.
Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege escalation.
CRITICAL - Detect if the Supabase service_role key is leaked in client-side code. This is a P0 severity issue.