Supabase Rls Doctor

Audit your Supabase project for the row-level-security mistakes that quietly expose data.

Install
cmdop skills install agensi-supabase-rls-doctor

Deep Security Audits for Supabase Projects

The Supabase RLS Doctor is a specialized security skill designed to identify critical data exposure risks in your Supabase infrastructure. It moves beyond basic linting by performing an evidence-first audit of your Row Level Security (RLS) policies, storage rules, and client-side initialization logic.

What it does

  • Identifies public table exposure and unsafe 'anonymous' access policies.
  • Detects service role key leakage and frontend/backend boundary mistakes.
  • Audits Supabase Storage bucket rules for unauthorized file access.
  • Flags missing auth.uid() constraints and overbroad SQL grants.
  • Analyzes migration drift and tenant ownership rules for multi-tenant apps.

Why use this skill

Unlike generic AI prompts, this skill uses a structured, multi-step workflow. It leverages internal heuristic scanners and a comprehensive audit checklist to ensure no stone is left unturned. It doesn't just guess; it ranks findings by severity (Critical to Info), cites exact lines of code as evidence, and provides copy-pasteable remediation snippets that are safe to apply.

Supported Inputs

  • SQL Migrations and Policy files
  • Supabase Client initialization code
  • Database schema snapshots
  • Storage policy configurations