yoanbernabeu

24 AI Agent Skills for professional security auditing of Supabase applications. Detection, key extraction, RLS testing, storage audit, IDOR detection, and comprehensive reporting. Works with Claude Code, Cursor, Windsurf, and 30+ AI agents.

31
1
69% credibility
Found Feb 02, 2026 at 21 stars
AI Analysis
AI Summary

A toolkit of 24 skills for AI agents to perform structured security audits on Supabase web applications, covering detection, credential checks, component testing, evidence gathering, and reporting.

How It Works

1. 🔍 Discover the security toolkit

You learn about a handy set of tools that helps check your web app's backend for common security weak spots.

2. 📥 Add the tools easily

With one quick action, you bring these checking abilities into your AI assistant so it's ready to help.

3. 🗂️ Set up your checking space

You create a simple folder and grab a friendly guide to keep everything organized and on track.

4. 🚀 Launch the full check

You tell your AI helper to run a complete security review on your website, and it starts working step by step.

5. 🔎 Watch the checks unfold

Your assistant carefully looks for hidden clues, tests protections, scans storage and logins, gathering proof of what it finds.

6. 📋 Collect all the evidence

Everything gets saved neatly with timelines, examples, and notes so you can review it anytime.

📊 Get your security report

You receive a clear summary with problem levels, impacts, and easy fix suggestions to make your app safer.

AI-Generated Review

What is supabase-pentest-skills?

This repo packs 24 AI agent skills for auditing Supabase apps: detecting Supabase usage from public URLs, extracting exposed keys and JWTs, testing RLS policies, storage buckets, auth flaws, and realtime channels, then producing detailed reports with evidence. Install with a single npx command, `npx skills add yoanbernabeu/supabase-pentest-skills`, and it slots into Claude Code, Cursor, Windsurf, or 30+ GitHub Copilot-style agent tools, with no setup hassle. Devs get a full pentest workflow with logs, timelines, and repro curl commands, all read-only for internal checks.

Why is it gaining traction?

It beats manual curl scripting or generic scanners by chaining skills systematically, from detection to reporting, with shared context and professional evidence folders that survive crashes. The CLAUDE.md template enforces checklists for Claude agent skills and GitHub Action agent flows, and packs like supabase-complete make for quick grabs. The star count is low (26), but it hooks devs via VS Code agent-skills integration and GitHub/Microsoft agent compatibility.

Who should use this?

Supabase backend devs hardening apps before launch, security engineers auditing client projects for key leaks or IDOR, or teams tracking fixes with report-compare. Ideal for internal self-assessments on live sites, not external red-teaming.

Verdict

Grab it if you're deep in Supabase and need GitHub-hosted agent skills for fast audits. Docs are solid and install is dead simple, but the 0.7% credibility score and 26 stars scream early days, so validate outputs manually before trusting it in prod. Solid starter for authorized teams.
