
supabase-help

by yoanbernabeu330GitHub

Quick reference for all Supabase security audit skills with usage examples and command overview.

SKILL.md

Supabase Pentest Skills Help

Quick reference for all 24 security audit skills.

When to Use This Skill

  • Need a quick overview of available skills
  • Looking for the right skill for a specific task
  • Want usage examples for a particular skill

Quick Start

# Full guided audit
/supabase-pentest https://myapp.example.com

# Check if app uses Supabase
/supabase-detect https://myapp.example.com

# Generate report from previous audit
/supabase-report

All Skills Reference

Orchestration

| Skill | Command | Purpose |
|---|---|---|
| supabase-pentest | /supabase-pentest <url> | Full guided security audit |
| supabase-evidence | /supabase-evidence | Initialize evidence collection |
| supabase-help | /supabase-help | This help reference |

Detection

| Skill | Command | Purpose |
|---|---|---|
| supabase-detect | /supabase-detect <url> | Detect Supabase usage |

Extraction

| Skill | Command | Purpose |
|---|---|---|
| supabase-extract-url | /supabase-extract-url <url> | Find Supabase project URL |
| supabase-extract-anon-key | /supabase-extract-anon-key | Extract anon API key |
| supabase-extract-service-key | /supabase-extract-service-key | Find leaked service key |
| supabase-extract-jwt | /supabase-extract-jwt | Extract JWTs from code |
| supabase-extract-db-string | /supabase-extract-db-string | Find DB connection strings |

API Audit

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-tables-list | /supabase-audit-tables-list | List exposed tables |
| supabase-audit-tables-read | /supabase-audit-tables-read | Read table data |
| supabase-audit-rls | /supabase-audit-rls | Test RLS policies |
| supabase-audit-rpc | /supabase-audit-rpc | Test RPC functions |

Storage Audit

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-buckets-list | /supabase-audit-buckets-list | List storage buckets |
| supabase-audit-buckets-read | /supabase-audit-buckets-read | Read bucket files |
| supabase-audit-buckets-public | /supabase-audit-buckets-public | Find public buckets |

Auth Audit

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-auth-config | /supabase-audit-auth-config | Check auth settings |
| supabase-audit-auth-signup | /supabase-audit-auth-signup | Test signup access |
| supabase-audit-auth-users | /supabase-audit-auth-users | Test user enumeration |
| supabase-audit-authenticated | /supabase-audit-authenticated | Create test user to detect IDOR |

Realtime & Functions

| Skill | Command | Purpose |
|---|---|---|
| supabase-audit-realtime | /supabase-audit-realtime | Test Realtime channels |
| supabase-audit-functions | /supabase-audit-functions | Test Edge Functions |

Reporting

| Skill | Command | Purpose |
|---|---|---|
| supabase-report | /supabase-report | Generate Markdown report |
| supabase-report-compare | /supabase-report-compare <old> <new> | Compare two reports |

Severity Levels

| Level | Color | Description |
|---|---|---|
| P0 | 🔴 | Critical: data exposure, user data, privilege escalation |
| P1 | 🟠 | High: sensitive data, security misconfiguration |
| P2 | 🟡 | Medium: minor exposure, best practice violations |

Common Workflows

Quick Security Check

1. /supabase-detect https://myapp.com
2. /supabase-extract-anon-key
3. /supabase-audit-rls
4. /supabase-report

Full Audit

1. /supabase-pentest https://myapp.com
   (Follow guided prompts through all phases)

Storage-Only Audit

1. /supabase-detect https://myapp.com
2. /supabase-audit-buckets-list
3. /supabase-audit-buckets-public
4. /supabase-report

Compare After Fixes

1. Copy previous report to reports/audit-v1.md
2. Run new audit: /supabase-pentest https://myapp.com
3. /supabase-report-compare reports/audit-v1.md supabase-audit-report.md

Files and Directories Created

| File/Directory | Description |
|---|---|
| .sb-pentest-context.json | Shared context between skills |
| .sb-pentest-audit.log | Action log with timestamps |
| .sb-pentest-evidence/ | Evidence directory for professional audits |
| supabase-audit-report.md | Final security report |

Evidence Directory Structure

.sb-pentest-evidence/
├── README.md                 # Evidence index
├── curl-commands.sh          # Reproducible commands
├── timeline.md               # Chronological findings
├── 01-detection/             # Detection evidence
├── 02-extraction/            # Key extraction evidence
├── 03-api-audit/             # API audit evidence
├── 04-storage-audit/         # Storage audit evidence
├── 05-auth-audit/            # Auth audit evidence
├── 06-realtime-audit/        # Realtime audit evidence
├── 07-functions-audit/       # Functions audit evidence
└── screenshots/              # Optional screenshots

Tips

  1. Always run detection first — Most skills auto-invoke it, but it's faster to run explicitly
  2. Check the context file — If a skill behaves unexpectedly, the context may have stale data
  3. Use the orchestrator for full audits — It handles dependencies automatically
  4. Save reports with dates — Rename supabase-audit-report.md to include the date for history

Need More Help?

  • Each skill has detailed documentation — run /supabase-<skill-name> for specifics
  • Check the README at the repository root
  • Open an issue on GitHub for bugs or feature requests

Source: https://github.com/yoanbernabeu/supabase-pentest-skills#skills~orchestration~supabase-help

Content curated from original sources, copyright belongs to authors
