supabase-evidence_skill

This skill initializes and manages progressive evidence collection for professional security audits, ensuring immediate evidence saving and organized reporting.

27

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill yoanbernabeu/supabase-pentest-skills --skill supabase-evidence

  • SKILL.md11.5 KB

Overview

This skill initializes and manages a progressive evidence collection directory for professional Supabase security audits. It ensures every request, response, command, and analysis is saved immediately during the audit to preserve reproducibility and legal proof. The structure, naming, and redaction rules are enforced so evidence is consistent and safe for reporting.

How this skill works

On start it creates a standardized .sb-pentest-evidence/ tree and placeholders for each test category. During the audit it writes evidence files incrementally: request placeholders before tests, request/response pairs immediately after each interaction, and analysis entries once a finding is evaluated. It also appends reproducible curl commands, updates a chronological timeline, and maintains a context file summarizing evidence counts and critical items.

When to use it

  • Automatically at the start of a supabase-pentest run
  • When you need auditable, reproducible proof of findings
  • For compliance, legal, or remediation verification purposes
  • While running any Supabase audit sub-skill that produces API/storage/auth evidence
  • When building a report that must reference primary evidence files

Best practices

  • Always save evidence progressively — create placeholders before tests and write results immediately after
  • Use the provided directory structure and naming conventions for consistent indexing
  • Redact sensitive values per rules: mask PII and only show key prefixes/suffixes
  • Collect raw API responses, curl commands, timestamps, and analysis for each test
  • Append a short timeline entry for every significant finding to maintain chronological context

Example use cases

  • Start-of-audit initialization for a full Supabase pentest to collect reproducible artifacts
  • Capturing a P0 service-key exposure with full request/response and decoded payload saved immediately
  • Recording RLS test attempts: save anon vs. authenticated responses and analysis per test
  • Collecting storage bucket listings and direct URL access tests with sample redacted file contents
  • Generating curl-commands.sh entries while performing API enumeration so investigators can reproduce steps

FAQ

Because evidence is saved progressively, previous files remain intact; resume by continuing to append new evidence and update timeline and context files.

How should sensitive data be stored in evidence files?

Redact personal data and secrets: mask PII, never store full passwords or API keys (show only first/last 4 chars), and mark redacted fields clearly in evidence JSON.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
supabase-evidence skill by yoanbernabeu/supabase-pentest-skills | VeilStrat