Supabase Audit Authenticated

The supabase-audit-authenticated skill enables AI agents to perform security audits on Supabase projects by executing authenticated queries. It allows the agent to inspect database schemas, review row-level security policies, and analyze user access configurations directly within the environment.

When to use it

• Verifying that Row Level Security (RLS) policies correctly restrict data access for different user roles.
• Auditing existing database tables and views to identify potential schema vulnerabilities or overly permissive settings.
• Checking authentication provider configurations to ensure only authorized users can interact with the database.
• Validating that service role keys are not exposed in application code or environment variables accessible to the agent.

Key capabilities

• Executes SQL queries using valid Supabase authentication tokens.
• Retrieves detailed metadata about tables, columns, and indexes.
• Inspects pg_policies to analyze Row Level Security rules.
• Queries auth.users and related extension tables for access control insights.

Example prompts

• "Audit the current Row Level Security policies on the 'users' table and summarize any potential over-permissioning risks."
• "List all database tables and their associated RLS policies, highlighting which ones are currently disabled or missing."
• "Check if the service role has access to sensitive columns in the 'payments' table and report your findings."

Tips & gotchas

Ensure the AI agent is provided with a valid API key or connection string with appropriate permissions before running audits. This skill relies on the underlying Supabase infrastructure being accessible; it cannot audit projects where network connectivity or authentication credentials are missing.