home / skills / yoanbernabeu / supabase-pentest-skills

yoanbernabeu/supabase-pentest-skills

24 AI Agent Skills for professional security auditing of Supabase applications. Detection, key extraction, RLS testing, storage audit, IDOR detection, and comprehensive reporting. Works with Claude Code, Cursor, Windsurf, and 30+ AI agents.

24 skills

Sponsored

Turn bookmarks into markdown for your agents

Turn X bookmarks, Chrome tabs + YouTube URLs into markdown for agents 🦞 ↗

Cut code review time & bugs in half Instantly.

Reviews for AI-powered teams who move fast (but don’t break things) ↗

supabase-audit-rls

yoanbernabeu/supabase-pentest-skills

This skill audits Supabase RLS policies to identify bypass risks and misconfigurations, enabling rapid remediation and stronger data protection.

supabase-audit-auth-signup

yoanbernabeu/supabase-pentest-skills

This skill tests signup open/blocked and detects abuse vectors in registration, providing actionable findings for Supabase authentication security.

supabase-extract-db-string

yoanbernabeu/supabase-pentest-skills

This skill detects exposed PostgreSQL connection strings in client-side code and guides immediate remediation to prevent direct database access.

Turn bookmarks into markdown for your agents

Turn X bookmarks, Chrome tabs, and YouTube URLs into a markdown feed for agents like OpenClaw 🦞 - just install the agent skill!

yoanbernabeu/supabase-pentest-skills

This skill provides a concise reference for all Supabase security audit tasks, guiding usage and examples to speed up assessments.

supabase-audit-rpc

yoanbernabeu/supabase-pentest-skills

This skill audits Supabase RPC functions for security issues, testing RLS bypass, SQL injection, and exposure risks to deliver actionable findings.

supabase-audit-tables-list

yoanbernabeu/supabase-pentest-skills

This skill inventories all tables exposed through the Supabase PostgREST API to reveal potential data exposure and guide targeted auditing.

supabase-audit-auth-users

yoanbernabeu/supabase-pentest-skills

This skill performs comprehensive user enumeration testing against Supabase auth endpoints, logging timing, explicit errors, and mitigation guidance for secure

supabase-audit-tables-read

yoanbernabeu/supabase-pentest-skills

This skill verifies data exposure by reading from publicly accessible tables, evaluating RLS effectiveness, and documenting exact accessible data.

supabase-audit-auth-config

yoanbernabeu/supabase-pentest-skills

This skill analyzes Supabase authentication configuration for security weaknesses, generates progressive context updates, and surfaces actionable remediation.

supabase-audit-realtime

yoanbernabeu/supabase-pentest-skills

This skill audits Supabase Realtime channels for unauthorized subscriptions and data exposure, logging findings progressively for secure channel configuration.

supabase-audit-buckets-list

yoanbernabeu/supabase-pentest-skills

This skill inventories all Supabase storage buckets and configurations, highlighting public exposure and RLS gaps to strengthen storage security.

supabase-audit-authenticated

yoanbernabeu/supabase-pentest-skills

This skill creates a test authenticated user to audit access gaps versus anonymous users and detect IDOR, cross-user access, and privilege escalation.

supabase-pentest

yoanbernabeu/supabase-pentest-skills

This skill orchestrates a comprehensive Supabase security audit, guiding phased testing and progressive evidence logging for reliable risk reporting.

Turn bookmarks into markdown for your agents

Turn X bookmarks, Chrome tabs, and YouTube URLs into a markdown feed for agents like OpenClaw 🦞 - just install the agent skill!

supabase-audit-functions

yoanbernabeu/supabase-pentest-skills

This skill discovers and tests Supabase Edge Functions for security issues, reporting findings and actionable fixes to strengthen your project.

supabase-audit-buckets-read

yoanbernabeu/supabase-pentest-skills

This skill verifies storage bucket access by listing files, reading metadata, and downloading samples to validate permissions and RLS policies.

supabase-audit-buckets-public

yoanbernabeu/supabase-pentest-skills

This skill identifies publicly accessible storage buckets in Supabase and provides actionable remediation guidance to prevent data exposure.

supabase-evidence

yoanbernabeu/supabase-pentest-skills

This skill initializes and manages progressive evidence collection for professional security audits, ensuring immediate evidence saving and organized reporting.

supabase-detect

yoanbernabeu/supabase-pentest-skills

This skill detects Supabase usage in a web app by analyzing domain patterns, client libraries, and API endpoints to determine project presence.

supabase-extract-anon-key

yoanbernabeu/supabase-pentest-skills

This skill extracts the Supabase anon key from client code to enable secure testing and RLS verification across projects.

supabase-extract-jwt

yoanbernabeu/supabase-pentest-skills

This skill extracts and analyzes Supabase JWTs from client code and storage patterns to uncover exposure, risks, and misconfigurations.

supabase-extract-service-key

yoanbernabeu/supabase-pentest-skills

This skill detects leaked service_role keys in client-side code during security audits, ensuring immediate remediation and safe Supabase usage.

supabase-extract-url

yoanbernabeu/supabase-pentest-skills

This skill extracts the Supabase project URL from client-side code and config to enable rapid testing and targeted security auditing.

supabase-report

yoanbernabeu/supabase-pentest-skills

This skill generates a comprehensive Supabase security audit report with executive summary, findings, and actionable remediation guidance for stakeholders.