Summary
This extracts Supabase project URLs from client-side JavaScript, scanning for patterns like createClient() calls, environment variable references, and config objects in bundled code. It validates what it finds by checking URL format and attempting to reach the REST API endpoint, then generates all the derivative endpoints (auth, storage, realtime). Handles multiple URLs gracefully by ranking them by frequency. The progressive logging approach is solid, you write findings to context files immediately after each discovery rather than batching at the end, which matters if you're scanning a large app and something times out. Run this after detecting Supabase usage, then follow up with the anon key and service key extraction skills.
Install to Claude Code
npx -y skills add yoanbernabeu/supabase-pentest-skills --skill supabase-extract-url --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
