Supabase Audit Rpc

🌐Community
by yoanbernabeu · vlatest · Repository

Helps with Supabase auditing as part of database and data persistence workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add supabase-audit-rpc npx -- -y @trustedskills/supabase-audit-rpc

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "supabase-audit-rpc": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/supabase-audit-rpc"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The supabase-audit-rpc skill enables AI agents to execute Remote Procedure Calls (RPCs) within Supabase projects for security auditing. It allows agents to interact directly with database functions to verify access controls, test data integrity, and simulate attack vectors in a controlled environment.

When to use it

  • Validating Row Level Security (RLS) policies by attempting unauthorized data access via RPC endpoints.
  • Simulating external API threats to ensure Supabase functions handle malicious inputs safely.
  • Auditing database function permissions to confirm only authorized roles can trigger specific logic.
  • Testing the resilience of custom business logic implemented as Supabase functions against edge cases.

Key capabilities

  • Direct execution of RPC calls against Supabase projects.
  • Verification of access control mechanisms through simulated user contexts.
  • Assessment of input validation within database functions.
  • Integration with automated security testing workflows for continuous auditing.

Example prompts

  • "Run an audit on my Supabase project to check if the public role can bypass RLS policies on the users table via RPC."
  • "Execute a test RPC call to the calculate_tax function with invalid JSON input to see how it handles errors."
  • "Audit the permissions of the update_inventory RPC to ensure only service roles have write access."

Tips & gotchas

Ensure your Supabase project has the necessary API keys exposed to the AI agent, as direct RPC execution requires authentication. This skill is designed for security testing; use it responsibly and only on environments where you have explicit permission to perform audits.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: yoanbernabeu
Installs: 78

Passed automated security scans.