supabase-audit-auth-users
Community
Detect user existence leaks in Supabase auth.
Author: yoanbernabeu
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps security auditors identify and quantify user enumeration vulnerabilities in Supabase authentication flows. By testing signup, login, recovery, and OTP endpoints, it reveals where account existence information leaks through messages, timing, or codes, enabling focused remediation.
Core Features & Use Cases
- Timing-based enumeration: Detects differences in response time between existing and non-existing users during login and OTP requests.
- Explicit messages analysis: Evaluates error texts during signup and OTP validation to identify direct existence disclosure.
- Progressive auditing: Logs findings, timings, and evidence progressively to support traceable security reviews and reporting.
Quick Start
Install the skill and run it against your Supabase project authentication endpoints. The skill will incrementally log context updates and populate the evidence directory as it discovers findings.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: supabase-audit-auth-users
Download link: https://github.com/yoanbernabeu/supabase-pentest-skills/archive/main.zip#supabase-audit-auth-users
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.