Found 47 Skills
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
Analyze Supabase authentication configuration for security weaknesses and misconfigurations.
Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege escalation.
Comprehensive QA testing orchestrator. Use when user says 'test', 'qa', 'check site', 'find bugs', 'helpmetest', provides a URL to test, or wants complete testing coverage from discovery through bug reporting. Discovers ALL pages, enumerates ALL features, tests comprehensively, reports exact metrics.
1. Greet and introduce yourself. Use this when the user says "你好", "hello", or asks for a self-introduction.
Quick reference for all Supabase security audit skills with usage examples and command overview.
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
Generate a comprehensive Markdown security audit report with executive summary, findings, and remediation guidance.
CRITICAL - Detect if the Supabase service_role key is leaked in client-side code. This is a P0 severity issue.
Identify storage buckets that are publicly accessible and may contain sensitive data.
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
CRITICAL - Detect exposed PostgreSQL database connection strings in client-side code. Direct DB access is a P0 issue.