supabase-extract-anon-key
Supabase Anon Key Extraction
🔴 CRITICAL: PROGRESSIVE FILE UPDATES REQUIRED
You MUST write to context files AS YOU GO, not just at the end.
- Write to
.sb-pentest-context.jsonIMMEDIATELY after each discovery- Log to
.sb-pentest-audit.logBEFORE and AFTER each action- DO NOT wait until the skill completes to update files
- If the skill crashes or is interrupted, all prior findings must already be saved
This is not optional. Failure to write progressively is a critical error.
This skill extracts the Supabase anonymous (public) API key from client-side code.
When to Use This Skill
- After extracting the Supabase URL, to get the API key for testing
- To verify that only the anon key (not service key) is exposed
- Before running API audit skills that require authentication
More from yoanbernabeu/supabase-pentest-skills
supabase-audit-rls
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
374supabase-pentest
Orchestrate a complete Supabase security audit with guided step-by-step execution and ownership confirmation.
240supabase-audit-auth-config
Analyze Supabase authentication configuration for security weaknesses and misconfigurations.
187supabase-audit-functions
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
185supabase-help
Quick reference for all Supabase security audit skills with usage examples and command overview.
181supabase-audit-realtime
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
174