Summary
Creates a test user in your Supabase project to compare what authenticated users can access versus anonymous ones, specifically hunting for IDOR vulnerabilities and cross-user data leaks. You'd run this after your anonymous audit to catch the stuff that only shows up when you're logged in: someone accessing another user's orders, reading all profiles when they should only see their own, or hitting admin endpoints with a regular account. The skill is paranoid about progressive logging, writing findings to disk after each test so you don't lose evidence if something crashes. Asks for explicit consent before creating the pentest user and offers to delete it when done.
Install to Claude Code
npx -y skills add yoanbernabeu/supabase-pentest-skills --skill supabase-audit-authenticated --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
