Supabase Extract Service Key
Detects whether the Supabase service_role key (an admin credential) has been accidentally exposed in client-side code, preventing a critical secret leak before shipping.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-extract-service-key| Installs | 239 |
|---|---|
| GitHub stars | ★ 48 |
| Last updated | January 31, 2026 |
| Repository | yoanbernabeu/supabase-pentest-skills ↗ |
Who is it for?
Any builder using Supabase who wants to ensure admin keys stay server-side only.
Skip if: Projects not using Supabase.
What you get
- report on service key exposure status
Related skills
Azure ComplianceRun Azure best-practice and compliance scans with azqr and audit Key Vault keys, secrets, and certificates before or after shipping workloads.401k1.2k
Openclaw Secure Linux CloudDeploy OpenClaw on a hardened Linux cloud VPS with rootless Podman and SSH-tunneled control UI access.225k61Entra Agent IdProvision Microsoft Entra Agent Identity blueprints and per-instance agent principals, then configure OAuth fmi_path and OBO token exchange for production AI agents.126k1.2k
Firebase Security Rules AuditorRed-team Firestore security rules after edits so solo builders catch update bypasses and authority bugs before production.50.5k345
Golang SecurityInstall this when your solo Go API needs agent-guided fixes for sessions, password hashing, and other common backend security traps before you ship.22k2kFirestore Security Rules AuditorRed-team Firestore security rules after edits so create/update gaps, authority spoofing, and abuse paths get caught before production.20.3k345