Supabase Extract Anon Key

🌐 Community
by yoanbernabeu · vlatest

Helps with Supabase data extraction as part of database and data persistence workflows.

Install on your platform

1. Run in terminal (recommended)

claude mcp add supabase-extract-anon-key npx -- -y @trustedskills/supabase-extract-anon-key

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "supabase-extract-anon-key": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/supabase-extract-anon-key"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill extracts anonymous API keys from Supabase projects, enabling AI agents to interact with database instances without requiring user authentication tokens. It is specifically designed for security auditing and penetration testing scenarios where access verification is necessary.

When to use it

  • Automating security assessments of public or misconfigured Supabase deployments.
  • Verifying whether an application inadvertently exposes credentials in source code or environment variables.
  • Simulating unauthorized access attempts to test database isolation controls.
  • Recovering lost access when only the project URL is known but no valid key exists.

Key capabilities

  • Parses Supabase project configurations to locate anonymous keys.
  • Validates extracted keys against active Supabase instances.
  • Integrates with AI agent workflows for automated security testing pipelines.

Example prompts

  • "Extract the anonymous API key from this Supabase project configuration file."
  • "Scan the provided codebase for exposed Supabase anon keys and report findings."
  • "Use the extracted anon key to query the public tables in this Supabase instance."

Tips & gotchas

This skill should only be used on systems you own or have explicit permission to test. Extracting anonymous keys from unauthorized projects may violate terms of service or laws. Always verify project ownership before attempting extraction.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: yoanbernabeu
Installs: 77

Passed automated security scans.