Supabase Audit Functions

🌐 Community
by yoanbernabeu · vlatest

Helps with auditing Supabase projects as part of database and data persistence workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add supabase-audit-functions npx -- -y @trustedskills/supabase-audit-functions

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "supabase-audit-functions": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/supabase-audit-functions"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The supabase-audit-functions skill enables AI agents to execute comprehensive security audits directly within Supabase projects. It automates the discovery of misconfigurations, permission leaks, and potential vulnerabilities across database schemas and Row Level Security (RLS) policies.

When to use it

  • Conducting pre-deployment security checks before exposing a production database to public traffic.
  • Validating that Row Level Security (RLS) policies correctly restrict data access between different user roles.
  • Identifying orphaned tables or sensitive columns lacking encryption or masking configurations.
  • Performing routine compliance reviews for applications handling personally identifiable information (PII).

Key capabilities

  • Automated scanning of Supabase database schemas for security weaknesses.
  • Analysis of Row Level Security (RLS) policy definitions and enforcement gaps.
  • Detection of overly permissive authentication settings or missing access controls.
  • Generation of detailed audit reports highlighting specific misconfigurations found.

Example prompts

  • "Run a full security audit on my Supabase project and list any RLS policies that allow unrestricted write access."
  • "Scan the database schema for tables containing sensitive data that do not have encryption enabled."
  • "Identify any authentication bypass vulnerabilities or missing row-level restrictions in the current configuration."

Tips & gotchas

Ensure your AI agent has the necessary read-only credentials to safely inspect the database without modifying production data. This skill is best used as a preventative measure; always review the generated audit report manually before applying automated fixes to complex security policies.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: yoanbernabeu
Installs: 82

Passed automated security scans.