security-supabase
SKILL.md
Supabase Security Best Practices
Comprehensive security guide for Supabase projects. Contains rules across 6 categories, prioritized by impact to guide secure configuration, RLS policy design, and authentication patterns.
When to Apply
Reference these guidelines when:
- Writing or reviewing RLS policies
- Configuring Supabase Auth (OAuth, email, sessions)
- Setting up storage bucket policies
- Securing realtime channel subscriptions
- Writing or reviewing edge functions
- Auditing a Supabase project before launch
- Reviewing API exposure and anon key usage
Rule Categories by Priority
| Priority | Category | Impact | Prefix |
|---|---|---|---|
| 1 | Row Level Security | CRITICAL | rls- |
| 2 | Authentication | CRITICAL | auth- |
| 3 | API Exposure | HIGH | api- |
| 4 | Storage Security | HIGH | storage- |
| 5 | Realtime Security | MEDIUM | realtime- |
| 6 | Edge Functions | MEDIUM | edge- |
How to Use
Read individual rule files for detailed explanations and code examples:
references/rls-enable-all-tables.md
references/auth-pkce-flow.md
references/api-anon-key-scope.md
Each rule file contains:
- Brief explanation of why it matters
- Incorrect code example with explanation
- Correct code example with explanation
- Supabase-specific context and gotchas
- Additional references
Repository
elliottrjacobs/…h-skills
GitHub Stars
1
First Seen
Feb 12, 2026