Share
## https://sploitus.com/exploit?id=A786CFE2-D1A1-577A-906A-E139BE14D23B
# ๐Ÿ›ก๏ธ Supabase Sentinel

**A Claude Skill that audits your Supabase project for security vulnerabilities.**

Drop it into Claude Code, Cursor, or any Claude-powered environment. Say "audit my Supabase project" and get a comprehensive security report with exact fix SQL โ€” in minutes, not days.

> **170+ Lovable apps were breached.** 20.1M rows were exposed across YC startups. 45% of AI-generated code introduces OWASP Top 10 vulnerabilities. Supabase's built-in Security Advisor only checks whether RLS *exists* โ€” Supabase Sentinel tests whether it actually *works*.

---

## What it does

Supabase Sentinel performs a 7-step security audit on any Supabase project:

1. **Scans your codebase** for exposed service_role keys, hardcoded JWTs, and secrets committed to git
2. **Introspects your database** schema โ€” tables, RLS policies, views, functions, storage buckets
3. **Matches against 27 known vulnerability patterns** sourced from CVE-2025-48757, 10 published security studies, and thousands of documented breaches
4. **Dynamically probes your API** using the `Prefer: tx=rollback` technique (zero data modified, safe for production)
5. **Tests ghost auth** โ€” can attackers create unconfirmed accounts and access your data?
6. **Generates a scored security report** with plain-English explanations and concrete attacker scenarios
7. **Produces exact fix SQL** โ€” copy, paste, done

---

## Quick start

### Option 1: Claude Code / Cursor

Copy the skill folder into your project:

```bash
# Clone into your project's skills directory
git clone https://github.com/Farenhytee/supabase-sentinel.git .claude/skills/supabase-sentinel

# Or if you have a central skills directory
git clone https://github.com/Farenhytee/supabase-sentinel.git ~/claude-skills/supabase-sentinel
```

Then just ask Claude:

```
Audit my Supabase project for security issues
```

Claude will auto-detect your Supabase credentials from `.env` files, run the full audit, and present a report.

### Option 2: Claude.ai (with computer use)

1. Download this repo as a ZIP
2. Upload it to a Claude.ai conversation with computer use enabled
3. Ask: "Use the Supabase Sentinel skill to audit my Supabase project"
4. Provide your Supabase URL and keys when prompted

### Option 3: Manual (any AI assistant)

Copy the contents of `SKILL.md` into your system prompt or conversation, then follow the workflow with your Supabase credentials.

---

## What it catches

### Critical

| Pattern | Description |
|---------|-------------|
| `RLS_DISABLED` | Tables without Row-Level Security โ€” fully exposed to the internet |
| `SERVICE_ROLE_EXPOSED` | service_role key in frontend code โ€” bypasses ALL security |
| `POLICIES_BUT_NO_RLS` | Policies written but RLS never enabled โ€” false sense of security |
| `WRITE_USING_TRUE` | INSERT/UPDATE/DELETE with `USING(true)` โ€” anyone can modify data |

### High

| Pattern | Description |
|---------|-------------|
| `USING_TRUE_SELECT` | All rows readable by anonymous users on sensitive tables |
| `VIEW_NO_SECURITY_INVOKER` | Views bypass RLS, running as superuser |
| `SECURITY_DEFINER_EXPOSED` | Functions in public schema bypass RLS, callable via API |
| `USER_METADATA_IN_POLICY` | Policies reference user-modifiable metadata โ€” privilege escalation |
| `UPDATE_NO_WITHCHECK` | UPDATE policies without WITH CHECK โ€” mass assignment risk |
| `GHOST_AUTH` | Unconfirmed email signups grant authenticated sessions |
| `STORAGE_NO_RLS` | Storage bucket missing access control policies |
| `JWT_SECRET_EXPOSED` | JWT signing secret leaked โ€” can forge any user's token |

### Medium

| Pattern | Description |
|---------|-------------|
| `RLS_NO_POLICIES` | RLS enabled but no policies โ€” all access silently denied (bug) |
| `POLICY_NO_ROLE_SCOPE` | Policy applies to all roles including anonymous |
| `MULTIPLE_PERMISSIVE` | Multiple permissive policies OR'd โ€” most permissive wins |
| `RLS_PERFORMANCE` | `auth.uid()` not cached โ€” performance degradation, potential DoS |
| `PUBLIC_BUCKET` | Storage bucket publicly accessible without auth |
| `SENSITIVE_COLUMNS` | Columns named `password`, `api_key`, etc. exposed via API |
| + 9 more patterns | See `references/anti-patterns.md` for the full list |

---

## Example output

```
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘          SUPABASE SENTINEL SECURITY REPORT             โ•‘
โ• โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•ฃ
โ•‘  Project:   https://myapp.supabase.co                  โ•‘
โ•‘  Scanned:   2026-03-15 14:30 UTC                       โ•‘
โ•‘  Score:     35/100 ๐Ÿ”ด                                   โ•‘
โ•‘  Summary:   12 tables, 8 policies, 7 findings          โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•

๐Ÿ”ด CRITICAL โ€” users: RLS Disabled

  Risk:     Anyone on the internet can read your entire users table
  Attack:   Open browser DevTools โ†’ copy anon key โ†’ curl the API โ†’ dump all emails, names, metadata
  Proof:    curl returns [{"id":"...","email":"user@real.com",...}]

  Fix:
  ALTER TABLE public.users ENABLE ROW LEVEL SECURITY;

  CREATE POLICY "users_select_own"
    ON public.users FOR SELECT TO authenticated
    USING ((SELECT auth.uid()) = id);

๐ŸŸ  HIGH โ€” profiles: SELECT policy uses USING(true)

  Risk:     All user profiles are readable by anyone, including anonymous users
  Attack:   Enumerate all profiles via the API to harvest user data
  ...

โœ… PASSING: orders, payments, invoices, subscriptions (4 tables properly secured)
```

---

## File structure

```
supabase-sentinel/
โ”œโ”€โ”€ SKILL.md                           # Core skill โ€” 7-step audit workflow (333 lines)
โ”œโ”€โ”€ references/
โ”‚   โ”œโ”€โ”€ audit-queries.md               # 20 SQL queries for schema introspection
โ”‚   โ”œโ”€โ”€ anti-patterns.md               # 27 vulnerability patterns with severity/detection/fix
โ”‚   โ”œโ”€โ”€ fix-templates.md               # SQL fix templates โ€” 7 RLS patterns, storage, auth, prevention
โ”‚   โ””โ”€โ”€ vibe-coding-context.md         # CVE-2025-48757, research studies, platform analysis
โ”œโ”€โ”€ assets/
โ”‚   โ””โ”€โ”€ github-action-template.yml     # CI/CD workflow for continuous monitoring
โ”œโ”€โ”€ README.md
โ””โ”€โ”€ LICENSE                            # MIT
```

**How progressive disclosure works:** When Claude loads this skill, it only reads the 333-line `SKILL.md` initially (~5000 tokens). Reference files are loaded on-demand during specific audit steps โ€” `audit-queries.md` at Step 1, `anti-patterns.md` at Step 2, `fix-templates.md` at Step 5. This keeps context usage efficient.

---

## Continuous monitoring (GitHub Action)

Supabase Sentinel can generate a GitHub Action that:
- Runs on every push to `supabase/migrations/`
- Runs weekly (Monday 6am UTC)
- Posts findings as PR comments
- Blocks merges on CRITICAL findings

Just ask: "Set up continuous security monitoring for this project."

See `assets/github-action-template.yml` for the template.

---

## Research backing

This skill's anti-pattern database is sourced from:

- **CVE-2025-48757** โ€” 170+ Lovable apps exposed, CVSS 9.3 (Matt Palmer, May 2025)
- **Escape.tech** โ€” 2,000+ vulnerabilities across 5,600 vibe-coded apps (October 2025)
- **Veracode** โ€” 45% of AI-generated code introduces OWASP Top 10 vulnerabilities (July 2025)
- **Carnegie Mellon SusVibes** โ€” 82.8% of functionally correct AI code was insecure (December 2025)
- **SupaExplorer** โ€” 11% of indie apps expose Supabase credentials (January 2026)
- **ModernPentest** โ€” 20.1M rows exposed across 107 YC startups (March 2026)
- **Wiz Research** โ€” Critical auth bypass in Base44 vibe-coding platform (July 2025)
- **Supabase Security Retro 2025** โ€” Official documentation of built-in advisor capabilities and gaps
- **Supabase Splinter** โ€” All 16 official security lints mapped and extended

See `references/vibe-coding-context.md` for the full research breakdown.

---

## What Supabase Sentinel catches that Supabase Security Advisor doesn't

Supabase's built-in Security Advisor (Splinter) runs 16 lints. Supabase Sentinel extends this with:

| Gap | What Splinter misses | Supabase Sentinel covers |
|-----|---------------------|-------------------|
| Policy correctness | Only checks if policies exist | Tests if they actually prevent unauthorized access |
| Dynamic probing | Static analysis only | Live API testing with `tx=rollback` |
| Ghost auth | Not checked | Tests email confirmation bypass |
| Mass assignment | Not checked | Detects UPDATE without WITH CHECK + sensitive columns |
| Storage config | Not checked | Audits bucket visibility and storage.objects RLS |
| Codebase scanning | Not applicable | Finds service_role keys in frontend code |
| Key exposure | Not checked | Detects hardcoded JWTs and committed .env files |
| Column-level security | Not checked | Flags sensitive columns accessible via API |
| CI/CD integration | Not available | GitHub Action for continuous monitoring |

---

## Contributing

Contributions are welcome! The most valuable contributions are:

1. **New anti-patterns** โ€” Found a Supabase security issue not in our database? Add it to `references/anti-patterns.md` with severity, detection query, fix SQL, and real-world evidence.
2. **Fix template improvements** โ€” Better RLS policy patterns, edge cases, or performance optimizations in `references/fix-templates.md`.
3. **Testing on real projects** โ€” Run Supabase Sentinel on your own Supabase projects and report false positives/negatives.
4. **Platform-specific patterns** โ€” Document security patterns specific to Lovable, Bolt, Replit, or other vibe-coding platforms.

### How to contribute

1. Fork this repo
2. Create a branch (`git checkout -b add-new-pattern`)
3. Add your changes with clear documentation
4. Submit a PR with a description of the pattern and evidence

---

## Roadmap

- [ ] **CLI tool** โ€” `npx supabase-sentinel audit` for non-Claude environments
- [ ] **MCP server** โ€” programmatic access for CI/CD and dashboards
- [ ] **Firebase support** โ€” extend to Firebase Security Rules auditing
- [ ] **Premium dashboard** โ€” historical trending, multi-project views, Slack alerts
- [ ] **VS Code extension** โ€” inline security warnings in the editor

---

## Safety

Supabase Sentinel is designed to be safe for production use:

- **Dynamic tests use `Prefer: tx=rollback`** โ€” PostgREST processes the request, evaluates RLS, returns the result, then rolls back. Zero data modified.
- **Auth probes use `.invalid` TLD** โ€” test emails use RFC 2606 reserved domains that cannot receive mail.
- **Read-only introspection** โ€” schema queries only read `pg_tables`, `pg_policies`, and `information_schema`. No DDL or DML.
- **Open source** โ€” audit the auditor. Every query and test is visible in the source.

---

## License

MIT โ€” use it however you want, commercially or otherwise.

---


  Built for the vibe-coding era.
  Because "it works" and "it's secure" are two very different things.