Found 167 Skills
Extract the Supabase anon/public API key from client-side code. This key is expected in client apps but important for RLS testing.
Attempt to list and read files from storage buckets to verify access controls.
Detect if a web application uses Supabase by analyzing client-side code, network patterns, and API endpoints.
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
Test for user enumeration vulnerabilities through various authentication endpoints.
Full-stack Next.js 14 development with TypeScript, TailwindCSS, and Supabase for building production-ready web applications.
Expert knowledge for Supabase database, RLS, and backend patterns. Use when "supabase, row level security, rls, postgres, database policy, supabase storage, supabase realtime, supabase, postgres, rls, database, backend, storage, realtime" mentioned.
Expert integration of Supabase Auth with Next.js App Router. Use when: supabase auth next, authentication next.js, login supabase, auth middleware, protected route.
Core Supabase CLI, migrations, RLS, Edge Functions
Test if user signup is open and identify potential abuse vectors in the registration process.
Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege escalation.
Express/Hono with Supabase and Drizzle ORM