Agent skill

draconian_rls_audit

Default-Deny security posture for Supabase. Mandates strict RLS and 'WITH CHECK' clauses.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/draconian-rls-audit-cityfish91159-maihouses

SKILL.md

Draconian RLS Audit Protocol

1. Zero Trust (Default-Deny)

  • Mandate: Every Table MUST have RLS enabled.
  • Policy: The default state of any table should be NO ACCESS. Access is granted explicitly via Policy.
  • Detector: Run SELECT ... WHERE rowsecurity = false to hunt down naked tables.

2. The "WITH CHECK" Imperative

  • Vulnerability: An INSERT or UPDATE policy without WITH CHECK allows users to write data they cannot read, or worse, escalate privileges (e.g., "Give myself admin role").
  • Rule: ALL modification policies MUST have a WITH CHECK clause matching the USING clause (or stricter).

3. Client-Side Key Ban

  • Strict Rule: The string service_role MUST NOT exist in any file within src/.
  • Enforcement: Grep for it. If found, STOP and warn the user.

4. Explicit auth.uid() Binding

  • Rule: Policies should almost always bind to auth.uid().
  • Ban: Never hardcode UUIDs or email addresses in SQL policies.

5. Audit Checklist

  • RLS enabled?
  • Default policy is DENY?
  • WITH CHECK present on writes?
  • No service_role in client code?

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results