Found 54 Skills
CRITICAL - Detect if the Supabase service_role key is leaked in client-side code. This is a P0 severity issue.
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
Set up HelpMeTest proxy tunnels for local development testing. Use when user needs to test localhost, wants to substitute production URLs with local ports, or needs to route multiple services. Use when user says 'set up proxy', 'test localhost', 'tunnel to local', or before running tests against local development servers.
Attempt to list and read files from storage buckets to verify access controls.
Deep UI walkthrough with screenshot-based analysis across all pages and viewports (desktop + tablet + mobile). Delivers per-page improvement pitches grounded in what you actually see. Use when user says 'review the UI', 'pitch UI improvements', 'how does this look', 'UX audit', 'walk through the app'.
Detect if a web application uses Supabase by analyzing client-side code, network patterns, and API endpoints.
Comprehensive QA testing orchestrator. Use when user says 'test', 'qa', 'check site', 'find bugs', 'helpmetest', provides a URL to test, or wants complete testing coverage from discovery through bug reporting. Discovers ALL pages, enumerates ALL features, tests comprehensively, reports exact metrics.
Extract and decode Supabase-related JWTs from client-side code, cookies, and local storage patterns.
Create a test user (with explicit permission) to audit what authenticated users can access vs anonymous users. Detects IDOR, cross-user access, and privilege escalation.
Use this skill when the user doesn't yet know what to test. This is the "learn the site first" step — for unfamiliar websites, new projects, or any situation where Feature/Persona artifacts don't exist yet. Use when the user: gives a URL with no specific test in mind, asks what features or flows a site has, wants to explore or walk through a site, is new to a project, or says "explore before we test". Also use for bare "test [URL]" commands with no further context. Do not use when Feature artifacts already exist or the user references specific known tests or bugs.
Quick reference for all Supabase security audit skills with usage examples and command overview.