Supabase audit
Audit your Supabase app's security posture
Scans your live app for Supabase misconfigurations: exposed anon keys, missing RLS, and secrets in the client bundle.
Supabase apps built with AI tools frequently ship with Row Level Security (RLS) disabled. The anon key is public (that's fine), but without RLS, that anon key lets anyone query your database directly. This tool checks your live app for both: the presence of Supabase credentials in the source, and whether a basic anonymous REST call to the profiles table returns data without authentication.
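The database-side counterpart of the check described above, as an added example (not this tool's own code): it lists tables in the `public` schema that have RLS disabled, then locks down `profiles`. It assumes `profiles` lives in `public` and has an `id uuid` column holding the owning user's auth id; the policy names are illustrative.

```sql
-- 1. Audit: tables in the public schema with RLS disabled.
--    Any row returned here is readable with the anon key if the role has grants on it.
select n.nspname             as schema_name,
       c.relname             as table_name,
       c.relrowsecurity      as rls_enabled,
       c.relforcerowsecurity as rls_forced
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p')      -- ordinary and partitioned tables
  and not c.relrowsecurity
order by c.relname;

-- 2. Fix: enable RLS on profiles.
--    With RLS on and no policies, anon and authenticated requests return zero rows.
--    Roles with BYPASSRLS (such as Supabase's service_role) are not restricted,
--    so that key must never reach the client bundle.
alter table public.profiles enable row level security;

-- 3. Policies (assumption: profiles.id equals the user's auth id).
--    Signed-in users may read and update only their own row; anon gets nothing.
create policy "profiles_select_own"
  on public.profiles
  for select
  to authenticated
  using ((select auth.uid()) = id);

create policy "profiles_update_own"
  on public.profiles
  for update
  to authenticated
  using ((select auth.uid()) = id)
  with check ((select auth.uid()) = id);

-- 4. Verify: confirm the policies that now apply to profiles.
select policyname, roles, cmd, qual, with_check
from pg_policies
where schemaname = 'public'
  and tablename  = 'profiles';
```

After applying this, an unauthenticated REST request to `profiles` should return an empty result rather than table data.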