Supabase Security Scanner — Free RLS, Edge Function & Auth Audit

Paste your Supabase project URL and anon key — or just your deployed app URL — to get an instant client-side security audit. Checks table access, row exposure, RPC functions, storage buckets, Edge Functions, auth configuration, and hidden tables.

What It Checks

• Exposed tables with row counts and safe write testing (actual INSERT probes)
• Sensitive column detection (passwords, tokens, API keys)
• Hidden table discovery via PGRST205 error probing (100+ common names)
• Edge Function probing — discovers 30+ common function names and checks auth requirements
• RPC function anonymous invocability
• Storage bucket public/private status with file counts
• Auth configuration analysis (signup, email confirmation, password policy)
• Cost impact estimates per vulnerability
• Risk score calculation with letter grade (A-F)

Two Scan Modes

Scan by credentials (paste URL + anon key) or scan by URL (auto-detects Supabase credentials from deployed apps via Firecrawl).

AI-Powered Fix Suggestions

Pro users can generate ready-to-paste Lovable prompts that fix each security issue with proper RLS policies and SQL migrations.

Shareable Reports

Save scan results and share them via unique URLs. Track your security posture over time.