Summary
This audits PostgreSQL functions exposed through Supabase's RPC endpoint, looking for three main problems: SECURITY DEFINER functions that bypass row-level security, missing auth.uid() checks that let anyone call admin functions, and SQL injection vulnerabilities from text parameters. It tests each function progressively and writes findings to context files as it goes, not at the end. The output shows you exactly which functions are dangerous and gives you the SQL to fix them. Use this after you've done a tables audit to find privilege escalation paths hidden in your database functions. The skill is paranoid about SECURITY DEFINER and anything that accepts raw text input, which is the right instinct.
Install to Claude Code
npx -y skills add yoanbernabeu/supabase-pentest-skills --skill supabase-audit-rpc --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
