10 security audit skills for Claude Code. Generate read-only SQL queries to audit your Supabase project — nothing is executed automatically.
npx skills add nocodetalks/supabase-security-audit
Type a command like /audit-rls in Claude Code
Claude generates read-only SQL tailored to your situation
Paste in your SQL Editor, get results interpreted, and apply recommended fixes manually
/full-security-audit
Comprehensive audit covering RLS, policies, sensitive columns, storage, functions, API exposure, auth, and Realtime in a single script. Start here for a complete picture.
/emergency-assessment
For suspected breaches or leaked credentials. Provides read-only assessment queries and a structured response plan. Does not execute any changes.
Deep-dive into a specific security area
Finds tables missing Row Level Security. Every table without RLS is fully accessible to anyone with your anon key.
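The check behind this skill, written out as an added example query (this is not the SQL the skill generates; it is a read-only catalog query against pg_class and pg_namespace). It assumes the Supabase defaults of an API-exposed schema named public and an API role named anon; change both names if your project differs.

```sql
-- Added example, not the skill's output: tables in the exposed "public" schema
-- with Row Level Security disabled, and what the "anon" role may do to them.
-- Read-only: reads pg_catalog only.
-- Assumptions: exposed schema = public, API role = anon (Supabase defaults).
SELECT n.nspname                                     AS schema_name,
       c.relname                                     AS table_name,
       c.relrowsecurity                              AS rls_enabled,
       c.relforcerowsecurity                         AS rls_forced_for_owner,
       has_table_privilege('anon', c.oid, 'SELECT')  AS anon_can_select,
       has_table_privilege('anon', c.oid, 'INSERT')  AS anon_can_insert,
       has_table_privilege('anon', c.oid, 'UPDATE')  AS anon_can_update,
       has_table_privilege('anon', c.oid, 'DELETE')  AS anon_can_delete
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
WHERE  n.nspname = 'public'
  AND  c.relkind IN ('r', 'p')      -- ordinary and partitioned tables
  AND  NOT c.relrowsecurity         -- RLS off: any policies on the table are ignored
ORDER  BY anon_can_select DESC, table_name;
```

Rows where anon_can_select or one of the write columns is true are the ones reachable through the REST API with nothing but the anon key; a table with RLS off but no grant to anon is not exposed yet, but will be the moment a grant is added. Enabling RLS on a table with no policies denies everything to non-owners, so the fix is two steps: enable RLS, then add the policies the application actually needs.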
Reviews existing RLS policies for gaps and misconfigurations. Catches USING (true) on write operations and other dangerous patterns.
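An added example of the "USING (true) on writes" check, as a read-only query over the pg_policies view (not the SQL this skill generates). It assumes the public schema and the Supabase roles anon and authenticated; a policy granted to PUBLIC applies to every role, so it is included as well.

```sql
-- Added example, not the skill's output: permissive policies on write commands
-- whose USING or WITH CHECK expression is the literal "true", for API roles.
-- Read-only: reads the pg_policies view only.
-- Assumptions: schema public; API roles anon/authenticated (Supabase defaults).
SELECT schemaname,
       tablename,
       policyname,
       cmd,                       -- INSERT, UPDATE, DELETE or ALL
       roles,
       permissive,                -- PERMISSIVE policies are OR'ed together
       qual        AS using_expr,
       with_check  AS with_check_expr
FROM   pg_policies
WHERE  schemaname = 'public'
  AND  cmd <> 'SELECT'
  AND  roles && ARRAY['public', 'anon', 'authenticated']::name[]
  AND  (
         qual = 'true'            -- USING (true); for UPDATE/ALL without WITH CHECK
                                  -- this expression is reused for the new row too
      OR with_check = 'true'      -- WITH CHECK (true): any row may be written
       )
ORDER  BY tablename, policyname;
```

Because permissive policies are combined with OR, one such policy opens the write path regardless of how strict the others are. The filter only matches the deparsed literal true; an expression such as 1 = 1 would not match, so it is worth reading the full pg_policies listing for the same tables rather than trusting the filter alone.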
Finds exposed sensitive columns like passwords, tokens, API keys, SSNs, and credit card numbers in tables accessible via the REST API.
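An added example of a sensitive-column sweep (not the SQL this skill generates): it matches column names against a constructed pattern list and reports whether the anon role may read each match and whether the owning table has RLS. It assumes the public schema and the anon role; the pattern is a starting list you would extend for your own data model.

```sql
-- Added example, not the skill's output: columns whose names suggest secrets or
-- regulated data in the exposed schema, with anon read access and RLS state.
-- Read-only: information_schema, pg_catalog and has_column_privilege().
-- Assumptions: schema public, role anon (Supabase defaults); the name pattern
-- below is a constructed starting list, not an exhaustive one.
SELECT c.table_name,
       c.column_name,
       c.data_type,
       t.relkind                                                AS kind,        -- r/p table, v/m view
       t.relrowsecurity                                         AS rls_enabled, -- for views: the view itself
       has_column_privilege('anon',
                            format('%I.%I', c.table_schema, c.table_name),
                            c.column_name, 'SELECT')            AS anon_can_select
FROM   information_schema.columns c
JOIN   pg_namespace n ON n.nspname = c.table_schema
JOIN   pg_class t     ON t.relnamespace = n.oid AND t.relname = c.table_name
WHERE  c.table_schema = 'public'
  AND  t.relkind IN ('r', 'p', 'v', 'm')
  AND  c.column_name ~* '(password|passwd|pwd_hash|secret|token|api_?key|private_key|ssn|social_security|card_number|credit_card|cvv|iban)'
ORDER  BY anon_can_select DESC, rls_enabled, c.table_name, c.column_name;
```

A hit with anon_can_select = true and rls_enabled = false is readable by anyone holding the anon key. Views are listed because they are exposed through the API like tables; for a view the RLS that matters is on the underlying tables, so check those separately.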
Audits storage buckets for public access, missing policies, and upload restrictions. Public buckets expose all files to the internet.
Audits RPC functions for anon access, SECURITY DEFINER issues, and missing search_path configuration — a critical privilege escalation vector.
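An added example of the SECURITY DEFINER / search_path check as a read-only catalog query (not the SQL this skill generates). It assumes the public schema and the anon role.

```sql
-- Added example, not the skill's output: SECURITY DEFINER functions in the exposed
-- schema that do not pin search_path, and whether "anon" may call them.
-- Read-only: pg_proc, pg_namespace and has_function_privilege().
-- Assumptions: schema public, role anon (Supabase defaults).
SELECT n.nspname                                        AS schema_name,
       p.proname                                        AS function_name,
       pg_get_function_identity_arguments(p.oid)        AS arguments,
       pg_get_userbyid(p.proowner)                      AS runs_as,   -- effective role inside the body
       p.proconfig                                      AS settings,  -- NULL: no SET clauses at all
       has_function_privilege('anon', p.oid, 'EXECUTE') AS anon_can_execute
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  n.nspname = 'public'
  AND  p.prokind = 'f'                -- plain functions, the ones exposed as RPC
  AND  p.prosecdef                    -- SECURITY DEFINER
  AND  NOT EXISTS (                   -- no "SET search_path = ..." on the function
         SELECT 1
         FROM   unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
         WHERE  cfg LIKE 'search_path=%'
       )
ORDER  BY anon_can_execute DESC, function_name;
```

Functions are executable by PUBLIC by default, so anon_can_execute is usually true unless EXECUTE was explicitly revoked. A function in the result set runs with its owner's privileges while resolving unqualified names through the caller's search_path; pinning it (ALTER FUNCTION ... SET search_path = '' or to pg_catalog, public) closes that gap, and the grant to anon should be reviewed at the same time.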
Reviews the overall API attack surface — how many tables are exposed, how much data is accessible, and what permissions the anon role has.
Audits authentication configuration including unconfirmed accounts, MFA adoption rate, auth hook security, and service_role usage in policies.
Audits Realtime subscriptions for data leaks. Tables broadcasting changes without RLS let anyone subscribe and watch all data flow in real time.
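An added example of the Realtime leak check as a read-only query (not the SQL this skill generates): it lists tables in the Realtime publication whose RLS is disabled, together with how many policies exist on each. It assumes the publication is named supabase_realtime, the Supabase default.

```sql
-- Added example, not the skill's output: tables published to Realtime with Row
-- Level Security disabled. Read-only: pg_publication_tables, pg_class, pg_policies.
-- Assumption: the publication is named "supabase_realtime" (Supabase default);
-- change the name if your project publishes through a different one.
SELECT pt.schemaname,
       pt.tablename,
       c.relrowsecurity                                  AS rls_enabled,
       (SELECT count(*)
        FROM   pg_policies pol
        WHERE  pol.schemaname = pt.schemaname
          AND  pol.tablename  = pt.tablename)            AS policy_count  -- ignored while RLS is off
FROM   pg_publication_tables pt
JOIN   pg_namespace n ON n.nspname = pt.schemaname
JOIN   pg_class c     ON c.relnamespace = n.oid AND c.relname = pt.tablename
WHERE  pt.pubname = 'supabase_realtime'
  AND  NOT c.relrowsecurity
ORDER  BY pt.schemaname, pt.tablename;
```

Every row is a table whose every change is broadcast to any subscriber, since without RLS there is nothing to filter on. Enabling RLS (and then adding a SELECT policy) is what restricts which rows a given subscriber receives; a non-zero policy_count on a row here means policies were written but are not in effect.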
All skills are open source. Browse the source, contribute, or fork for your own project.
View on GitHub