← Back to Skills

Supabase Extract Jwt

🌐Community
by yoanbernabeu · vlatest · Repository

Helps with Supabase, data extraction, JWT as part of working with databases and data persistence workflows.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add supabase-extract-jwt npx -- -y @trustedskills/supabase-extract-jwt
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "supabase-extract-jwt": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/supabase-extract-jwt"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

The supabase-extract-jwt skill parses Supabase JWT tokens to reveal embedded claims, enabling agents to inspect user identity data without executing database queries. It is designed for security auditing and debugging scenarios where understanding token payload structure is critical.

When to use it

  • Analyzing authentication tokens during penetration testing to verify scope and permissions.
  • Debugging session issues by decoding claims to identify missing or incorrect user attributes.
  • Validating that Supabase policies correctly restrict access based on specific JWT fields.
  • Inspecting token expiration and issuer details in a secure, read-only manner.

Key capabilities

  • Decodes standard Supabase JWT tokens automatically.
  • Extracts and displays all claims within the token payload.
  • Operates without requiring database write permissions or active connections.

Example prompts

  • "Extract the user ID and role from this Supabase JWT token: [paste_token_here]"
  • "Decode this authentication token and list all embedded claims for security review."
  • "What does this JWT token claim about the current session's expiration time?"

Tips & gotchas

Ensure you provide a valid, unexpired Supabase JWT token to avoid parsing errors. This skill is intended for inspection only; do not use extracted data to forge new tokens or bypass authentication controls.

View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
yoanbernabeu
Installs
75
Repository (canonical source) →

🌐 Community

Passed automated security scans.