Found 47 Skills
Extract the Supabase anon/public API key from client-side code. This key is expected in client apps but important for RLS testing.
Attempt to list and read files from storage buckets to verify access controls.
Extract and decode Supabase-related JWTs from client-side code, cookies, and local storage patterns.
Compare two security audit reports to track remediation progress and identify new vulnerabilities.
List all tables exposed via the Supabase PostgREST API to identify the attack surface.
Attempt to read data from exposed tables to verify actual data exposure and RLS effectiveness.
Extract the Supabase project URL from client-side JavaScript code, environment variables, and configuration files.
Detect if a web application uses Supabase by analyzing client-side code, network patterns, and API endpoints.
Test if user signup is open and identify potential abuse vectors in the registration process.
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
Test for user enumeration vulnerabilities through various authentication endpoints.
Instant visual verification via screenshots. For quick checks like 'does the button look blue', 'is the layout centered', 'does the header look right on mobile'. Fast alternative to formal testing - just look and confirm. Use when the user wants a visual inspection without creating test files.