supabase-help


Quick reference for all Supabase security audit skills with usage examples and command overview.

26 stars
1.2k downloads
Updated 1/31/2026

SKILL.md

Supabase Pentest Skills Help

Quick reference for all 24 security audit skills.

When to Use This Skill

  • Need a quick overview of available skills
  • Looking for the right skill for a specific task
  • Want usage examples for a particular skill

Quick Start

# Full guided audit
/supabase-pentest https://myapp.example.com

# Check if app uses Supabase
/supabase-detect https://myapp.example.com

# Generate report from previous audit
/supabase-report

All Skills Reference

Orchestration

| Skill | Command | Purpose |
|---|---|---|
| supabase-pentest | /supabase-pentest <url> | Full guided security audit |
| supabase-evidence | /supabase-evidence | Initialize evidence collection |
| supabase-help | /supabase-help | This help reference |

Detection

| Skill | Command | Purpose |
|---|---|---|
| supabase-detect | /supabase-detect <url> | Detect Supabase usage |

Extraction

| Skill | Command | Purpose |
|---|---|---|
| supabase-extract-url | /supabase-extract-url <url> | Find Supabase project URL |
| supabase-extract-anon-key | /supabase-extract-anon-key | Extract anon API key |
| supabase-extract-service-key | /supabase-extract-service-key | Find leaked service key |
| supabase-extract-jwt | /supabase-extract-jwt | Extract JWTs from code |
| supabase-extract-db-string | /supabase-extract-db-string | Find DB connection strings |

API Audit

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-tables-list | /supabase-audit-tables-list | List exposed tables |
| supabase-audit-tables-read | /supabase-audit-tables-read | Read table data |
| supabase-audit-rls | /supabase-audit-rls | Test RLS policies |
| supabase-audit-rpc | /supabase-audit-rpc | Test RPC functions |

Storage Audit

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-buckets-list | /supabase-audit-buckets-list | List storage buckets |
| supabase-audit-buckets-read | /supabase-audit-buckets-read | Read bucket files |
| supabase-audit-buckets-public | /supabase-audit-buckets-public | Find public buckets |

Auth Audit

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-auth-config | /supabase-audit-auth-config | Check auth settings |
| supabase-audit-auth-signup | /supabase-audit-auth-signup | Test signup access |
| supabase-audit-auth-users | /supabase-audit-auth-users | Test user enumeration |
| supabase-audit-authenticated | /supabase-audit-authenticated | Create test user to detect IDOR |

Realtime & Functions

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-realtime | /supabase-audit-realtime | Test Realtime channels |
| supabase-audit-functions | /supabase-audit-functions | Test Edge Functions |

Reporting

| Skill | Command | Purpose |
|---|---|---|
| supabase-report | /supabase-report | Generate Markdown report |
| supabase-report-compare | /supabase-report-compare <old> <new> | Compare two reports |

Severity Levels

| Level | Color | Description |
|---|---|---|
| P0 | 🔴 | Critical: data exposure, user data, privilege escalation |
| P1 | 🟠 | High: sensitive data, security misconfiguration |
| P2 | 🟡 | Medium: minor exposure, best practice violations |

Common Workflows

Quick Security Check

1. /supabase-detect https://myapp.com
2. /supabase-extract-anon-key
3. /supabase-audit-rls
4. /supabase-report

Full Audit

1. /supabase-pentest https://myapp.com
   (Follow guided prompts through all phases)

Storage-Only Audit

1. /supabase-detect https://myapp.com
2. /supabase-audit-buckets-list
3. /supabase-audit-buckets-public
4. /supabase-report

Compare After Fixes

1. Copy previous report to reports/audit-v1.md
2. Run new audit: /supabase-pentest https://myapp.com
3. /supabase-report-compare reports/audit-v1.md supabase-audit-report.md

Files and Directories Created

| File/Directory | Description |
|---|---|
| .sb-pentest-context.json | Shared context between skills |
| .sb-pentest-audit.log | Action log with timestamps |
| .sb-pentest-evidence/ | Evidence directory for professional audits |
| supabase-audit-report.md | Final security report |

Evidence Directory Structure

.sb-pentest-evidence/
├── README.md                 # Evidence index
├── curl-commands.sh          # Reproducible commands
├── timeline.md               # Chronological findings
├── 01-detection/             # Detection evidence
├── 02-extraction/            # Key extraction evidence
├── 03-api-audit/             # API audit evidence
├── 04-storage-audit/         # Storage audit evidence
├── 05-auth-audit/            # Auth audit evidence
├── 06-realtime-audit/        # Realtime audit evidence
├── 07-functions-audit/       # Functions audit evidence
└── screenshots/              # Optional screenshots

Tips

  1. Always run detection first: Most skills auto-invoke it, but it's faster to run explicitly
  2. Check the context file: If a skill behaves unexpectedly, the context may have stale data
  3. Use the orchestrator for full audits: It handles dependencies automatically
  4. Save reports with dates: Rename supabase-audit-report.md to include the date for history

Need More Help?

  • Each skill has detailed documentation: run /supabase-<skill-name> for specifics
  • Check the README at the repository root
  • Open an issue on GitHub for bugs or feature requests

Install

Requires askill CLI v1.0+

AI Quality Score

96/100, analyzed 2/12/2026

An exemplary reference skill providing a comprehensive overview of a Supabase security auditing toolkit, featuring command tables, workflow examples, and directory structures.


Metadata

License: unknown
Version: -
Updated: 1/31/2026
Publisher: yoanbernabeu

Tags

api, github, security, testing