Found 153 Skills
CRITICAL - Detect if the Supabase service_role key is leaked in client-side code. This is a P0 severity issue.
Identify storage buckets that are publicly accessible and may contain sensitive data.
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
CRITICAL - Detect exposed PostgreSQL database connection strings in client-side code. Direct DB access is a P0 issue.
Extract the Supabase anon/public API key from client-side code. This key is expected in client apps but important for RLS testing.
Attempt to list and read files from storage buckets to verify access controls.
Extract and decode Supabase-related JWTs from client-side code, cookies, and local storage patterns.
List all tables exposed via the Supabase PostgREST API to identify the attack surface.
Attempt to read data from exposed tables to verify actual data exposure and RLS effectiveness.
Extract the Supabase project URL from client-side JavaScript code, environment variables, and configuration files.
Detect if a web application uses Supabase by analyzing client-side code, network patterns, and API endpoints.
Test if user signup is open and identify potential abuse vectors in the registration process.