Supabase Audit Buckets Public

🌐 Community
by yoanbernabeu · vlatest · Repository

Helps with Supabase auditing as part of database and data persistence workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add supabase-audit-buckets-public npx -- -y @trustedskills/supabase-audit-buckets-public

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "supabase-audit-buckets-public": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/supabase-audit-buckets-public"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The supabase-audit-buckets-public skill enables AI agents to systematically scan Supabase storage buckets for publicly accessible resources. It identifies potential security vulnerabilities where sensitive data might be exposed without authentication, ensuring compliance with privacy standards.

When to use it

  • Pre-deployment security checks: Run this audit before launching a new application to ensure no user-uploaded files are accidentally made public.
  • Post-incident investigation: Quickly locate and secure any buckets that were mistakenly configured as public after a data breach or configuration error.
  • Compliance verification: Validate that storage configurations adhere to GDPR, HIPAA, or other regulations requiring strict access controls on sensitive data.
  • Routine maintenance: Integrate into CI/CD pipelines to automatically flag public bucket changes during the build process.

Key capabilities

  • Scans all Supabase storage buckets for public read/write permissions.
  • Identifies specific files or directories exposed without authentication.
  • Provides a clear report of vulnerable resources requiring immediate remediation.

Example prompts

  • "Audit my Supabase project and list any storage buckets currently set to public access."
  • "Check if the 'user-uploads' bucket in my Supabase instance allows unauthenticated reads or writes."
  • "Scan all tables and buckets for misconfigurations that expose sensitive data publicly."

Tips & gotchas

Ensure your AI agent has read-only access to the Supabase project configuration; attempting to modify buckets directly during an audit could cause unintended side effects. This skill focuses on permission levels, so it may not detect logical vulnerabilities like missing encryption at rest.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: yoanbernabeu
Installs: 76

Passed automated security scans.