Supabase Audit Buckets Read
Helps with Supabase auditing as part of database and data-persistence workflows.
Install on your platform
Run in terminal (recommended)
claude mcp add supabase-audit-buckets-read npx -- -y @trustedskills/supabase-audit-buckets-read
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "supabase-audit-buckets-read": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/supabase-audit-buckets-read"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
This skill enables AI agents to read and inspect Supabase storage buckets, allowing for the discovery of stored files and verification of access permissions. It is specifically designed for security auditing and penetration testing workflows within Supabase environments.
When to use it
- Auditing public storage buckets to identify exposed or sensitive user-uploaded files.
- Verifying that private bucket policies are correctly restricting unauthorized read access.
- Performing pre-deployment checks on file storage configurations in a development environment.
- Investigating potential data leaks by scanning bucket contents for unexpected file types.
Key capabilities
- Reads metadata and content of files within specified Supabase buckets.
- Validates current access control lists (ACLs) and policy rules.
- Integrates directly with the Supabase Pentest Skills suite for automated security checks.
Example prompts
- "Audit all public buckets in my Supabase project to list accessible file paths."
- "Check if the 'user-profiles' bucket allows read access from unauthenticated users."
- "Scan the storage configuration for any buckets with overly permissive read policies."
Tips & gotchas
Ensure you have valid authentication credentials and appropriate permissions before attempting to read private buckets. This skill is part of a broader pentest suite; use it only in authorized testing environments to avoid triggering security alerts or violating data privacy laws.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Auditor | Result |
| --- | --- |
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🌐 Community
Passed automated security scans.