supabase — for Claude Code supabase, agency, community, for Claude Code, ide skills, public, auth.uid(), user_metadata, raw_user_meta_data, auth.jwt()

v0.1.0

关于此技能

适用场景: Ideal for AI agents that need 1. supabase changes frequently — verify against current docs before. 本地化技能摘要: Supabase changes frequently — verify against current docs before implementing. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

功能特性

1. Supabase changes frequently — verify against current docs before
implementing. Do not rely on training data for Supabase features. Function
signatures, config.toml settings, and API conventions change between versions.
Before implementing, look up the relevant topic using the documentation access
2. Verify your work. After implementing any fix, run a test query to confirm

# 核心主题

TrevorPLam TrevorPLam
[0]
[0]
更新于: 4/19/2026

Killer-Skills Review

Decision support comes first. Repository text comes second.

Reference-Only Page Review Score: 10/11

This page remains useful for teams, but Killer-Skills treats it as reference material instead of a primary organic landing page.

Original recommendation layer Concrete use-case guidance Explicit limitations and caution Quality floor passed for review
Review Score
10/11
Quality Score
60
Canonical Locale
en
Detected Body Locale
en

适用场景: Ideal for AI agents that need 1. supabase changes frequently — verify against current docs before. 本地化技能摘要: Supabase changes frequently — verify against current docs before implementing. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

核心价值

推荐说明: supabase helps agents 1. supabase changes frequently — verify against current docs before. Supabase changes frequently — verify against current docs before implementing. This AI agent skill supports Claude Code

适用 Agent 类型

适用场景: Ideal for AI agents that need 1. supabase changes frequently — verify against current docs before.

赋予的主要能力 · supabase

适用任务: Applying 1. Supabase changes frequently — verify against current docs before
适用任务: Applying implementing. Do not rely on training data for Supabase features. Function
适用任务: Applying signatures, config.toml settings, and API conventions change between versions

! 使用限制与门槛

  • 限制说明: implementing. Do not rely on training data for Supabase features. Function
  • 限制说明: 3. Recover from errors, don't loop. If an approach fails after 2-3 attempts,
  • 限制说明: publishable keys for frontend code. Legacy anon keys are only for

Why this page is reference-only

  • - Current locale does not satisfy the locale-governance contract.

Source Boundary

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

评审后的下一步

先决定动作,再继续看上游仓库材料

Killer-Skills 的主价值不应该停在“帮你打开仓库说明”,而是先帮你判断这项技能是否值得安装、是否应该回到可信集合复核,以及是否已经进入工作流落地阶段。

实验室 Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

常见问题与安装步骤

以下问题与步骤与页面结构化数据保持一致,便于搜索引擎理解页面内容。

? FAQ

supabase 是什么?

适用场景: Ideal for AI agents that need 1. supabase changes frequently — verify against current docs before. 本地化技能摘要: Supabase changes frequently — verify against current docs before implementing. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows.

如何安装 supabase?

运行命令:npx killer-skills add TrevorPLam/agency/supabase。支持 Cursor、Windsurf、VS Code、Claude Code 等 19+ IDE/Agent。

supabase 适用于哪些场景?

典型场景包括:适用任务: Applying 1. Supabase changes frequently — verify against current docs before、适用任务: Applying implementing. Do not rely on training data for Supabase features. Function、适用任务: Applying signatures, config.toml settings, and API conventions change between versions。

supabase 支持哪些 IDE 或 Agent?

该技能兼容 Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer。可使用 Killer-Skills CLI 一条命令通用安装。

supabase 有哪些限制?

限制说明: implementing. Do not rely on training data for Supabase features. Function;限制说明: 3. Recover from errors, don't loop. If an approach fails after 2-3 attempts,;限制说明: publishable keys for frontend code. Legacy anon keys are only for。

安装步骤

  1. 1. 打开终端

    在你的项目目录中打开终端或命令行。

  2. 2. 执行安装命令

    运行:npx killer-skills add TrevorPLam/agency/supabase。CLI 会自动识别 IDE 或 AI Agent 并完成配置。

  3. 3. 开始使用技能

    supabase 已启用,可立即在当前项目中调用。

! 参考页模式

此页面仍可作为安装与查阅参考,但 Killer-Skills 不再把它视为主要可索引落地页。请优先阅读上方评审结论,再决定是否继续查看上游仓库说明。

Upstream Repository Material

The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.

Upstream Source

supabase

Supabase changes frequently — verify against current docs before implementing. This AI agent skill supports Claude Code, Cursor, and Windsurf workflows. 1.

SKILL.md
Readonly
Upstream Repository Material
The section below is imported from the upstream repository and should be treated as secondary evidence. Use the Killer-Skills review above as the primary layer for fit, risk, and installation decisions.
Supporting Evidence

Supabase

Core Principles

1. Supabase changes frequently — verify against current docs before implementing. Do not rely on training data for Supabase features. Function signatures, config.toml settings, and API conventions change between versions. Before implementing, look up the relevant topic using the documentation access methods below.

2. Verify your work. After implementing any fix, run a test query to confirm the change works. A fix without verification is incomplete.

3. Recover from errors, don't loop. If an approach fails after 2-3 attempts, stop and reconsider. Try a different method, check documentation, inspect the error more carefully, and review relevant logs when available. Supabase issues are not always solved by retrying the same command, and the answer is not always in the logs, but logs are often worth checking before proceeding.

4. RLS by default in exposed schemas. Enable RLS on every table in any exposed schema, especially public. This is critical in Supabase because tables in exposed schemas can be reachable through the Data API. For private schemas, prefer RLS as defense in depth. After enabling RLS, create policies that match the actual access model rather than defaulting every table to the same auth.uid() pattern.

5. Security checklist. When working on any Supabase task that touches auth, RLS, views, storage, or user data, run through this checklist. These are Supabase-specific security traps that silently create vulnerabilities:

  • Auth and session security

    • Never use user_metadata claims in JWT-based authorization decisions. In Supabase, raw_user_meta_data is user-editable and can appear in auth.jwt(), so it is unsafe for RLS policies or any other authorization logic. Store authorization data in raw_app_meta_data / app_metadata instead.
    • Deleting a user does not invalidate existing access tokens. Sign out or revoke sessions first, keep JWT expiry short for sensitive apps, and for strict guarantees validate session_id against auth.sessions on sensitive operations.
    • If you use app_metadata or auth.jwt() for authorization, remember JWT claims are not always fresh until the user's token is refreshed.
  • API key and client exposure

    • Never expose the service_role or secret key in public clients. Prefer publishable keys for frontend code. Legacy anon keys are only for compatibility. In Next.js, any NEXT_PUBLIC_ env var is sent to the browser.
  • RLS, views, and privileged database code

    • Views bypass RLS by default. In Postgres 15 and above, use CREATE VIEW ... WITH (security_invoker = true). In older versions of Postgres, protect your views by revoking access from the anon and authenticated roles, or by putting them in an unexposed schema.
    • UPDATE requires a SELECT policy. In Postgres RLS, an UPDATE needs to first SELECT the row. Without a SELECT policy, updates silently return 0 rows — no error, just no change.
    • Do not put security definer functions in an exposed schema. Keep them in a private or otherwise unexposed schema.
  • Storage access control

    • Storage upsert requires INSERT + SELECT + UPDATE. Granting only INSERT allows new uploads but file replacement (upsert) silently fails. You need all three.

For any security concern not covered above, fetch the Supabase product security index: https://supabase.com/docs/guides/security/product-security.md

Supabase CLI

Always discover commands via --help — never guess. The CLI structure changes between versions.

bash
1supabase --help # All top-level commands 2supabase <group> --help # Subcommands (e.g., supabase db --help) 3supabase <group> <command> --help # Flags for a specific command

Supabase CLI Known gotchas:

  • supabase db query requires CLI v2.79.0+ → use MCP execute_sql or psql as fallback
  • supabase db advisors requires CLI v2.81.3+ → use MCP get_advisors as fallback
  • When you need a new migration SQL file, always create it with supabase migration new <name> first. Never invent a migration filename or rely on memory for the expected format.

Version check and upgrade: Run supabase --version to check. For CLI changelogs and version-specific features, consult the CLI documentation or GitHub releases.

Supabase MCP Server

For setup instructions, server URL, and configuration, see the MCP setup guide.

Troubleshooting connection issues — follow these steps in order:

  1. Check if the server is reachable: curl -so /dev/null -w "%{http_code}" https://mcp.supabase.com/mcp A 401 is expected (no token) and means the server is up. Timeout or "connection refused" means it may be down.

  2. Check .mcp.json configuration: Verify the project root has a valid .mcp.json with the correct server URL. If missing, create one pointing to https://mcp.supabase.com/mcp.

  3. Authenticate the MCP server: If the server is reachable and .mcp.json is correct but tools aren't visible, the user needs to authenticate. The Supabase MCP server uses OAuth 2.1 — tell the user to trigger the auth flow in their agent, complete it in the browser, and reload the session.

Supabase Documentation

Before implementing any Supabase feature, find the relevant documentation. Use these methods in priority order:

  1. MCP search_docs tool (preferred — returns relevant snippets directly)
  2. Fetch docs pages as markdown — any docs page can be fetched by appending .md to the URL path.
  3. Web search for Supabase-specific topics when you don't know which page to look at.

Making and Committing Schema Changes

To make schema changes, use execute_sql (MCP) or supabase db query (CLI). These run SQL directly on the database without creating migration history entries, so you can iterate freely and generate a clean migration when ready.

Do NOT use apply_migration to change a local database schema — it writes a migration history entry on every call, which means you can't iterate, and supabase db diff / supabase db pull will produce empty or conflicting diffs. If you use it, you'll be stuck with whatever SQL you passed on the first try.

When ready to commit your changes to a migration file:

  1. Run advisorssupabase db advisors (CLI v2.81.3+) or MCP get_advisors. Fix any issues.
  2. Review the Security Checklist above if your changes involve views, functions, triggers, or storage.
  3. Generate the migrationsupabase db pull <descriptive-name> --local --yes
  4. Verifysupabase migration list --local

Reference Guides

  • Skill Feedbackreferences/skill-feedback.md MUST read when the user reports that this skill gave incorrect guidance or is missing information.

相关技能

寻找 supabase 的替代方案 (Alternative) 或可搭配使用的同类 community Skill?探索以下相关开源技能。

查看全部

openclaw-release-maintainer

Logo of openclaw
openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

333.8k
0
AI

widget-generator

Logo of f
f

为prompts.chat的信息反馈系统生成可定制的插件小部件

149.6k
0
AI

flags

Logo of vercel
vercel

React 框架

138.4k
0
浏览器

pr-review

Logo of pytorch
pytorch

Python中具有强大GPU加速的张量和动态神经网络

98.6k
0
开发者工具