supabase-pentest
Supabase Security Audit Orchestrator
🔵 RECOMMENDED: USE PLAN MODE FOR COMPLEX AUDITS
When your environment supports Plan Mode, it is strongly recommended to activate it before starting the audit:
- Use the
EnterPlanModetool at the start of the orchestration- Plan Mode enables better organization of multi-phase audits
- It allows the user to validate the approach before execution
- If Plan Mode is not available, proceed directly with execution
Plan Mode provides better traceability and user control over the audit process.
🔴 CRITICAL: PROGRESSIVE FILE UPDATES REQUIRED
You MUST write to context files AS YOU GO, not just at the end.
- Write to
.sb-pentest-context.jsonIMMEDIATELY after each discovery- Log to
.sb-pentest-audit.logBEFORE and AFTER each action- DO NOT wait until a phase or skill completes to update files
- If the audit crashes or is interrupted, all prior findings must already be saved
More from yoanbernabeu/supabase-pentest-skills
supabase-audit-rls
Test Row Level Security (RLS) policies for common bypass vulnerabilities and misconfigurations.
374supabase-audit-auth-config
Analyze Supabase authentication configuration for security weaknesses and misconfigurations.
187supabase-audit-functions
Discover and test Supabase Edge Functions for security vulnerabilities and misconfigurations.
185supabase-help
Quick reference for all Supabase security audit skills with usage examples and command overview.
181supabase-audit-realtime
Test Supabase Realtime WebSocket channels for unauthorized subscriptions and data exposure.
174supabase-audit-rpc
List and test exposed PostgreSQL RPC functions for security issues and potential RLS bypass.
169