Supabase Agent Skill
Supabase with RLS enforcement, proper auth, edge functions, and type generation.
The Skill
Full content, every format. Copy it, download it, or install with one command.
---
description: Supabase with RLS enforcement, proper auth, edge functions, and type generation.
homepage: https://yepapi.com/skills/supabase
metadata:
tags: [supabase, database, auth, postgres]
---
# Supabase
## Rules
- **RLS is mandatory** — never create a table without Row Level Security policies
- Use `supabase.auth.getUser()` server-side (verifies JWT), not `getSession()` (reads cookie only)
- Generate TypeScript types from schema: `npx supabase gen types typescript`
- Edge Functions for server-side logic — Deno runtime, `serve()` handler
- Realtime subscriptions: channel pattern with `on('postgres_changes', ...)`
- Storage: bucket policies for access control, `createSignedUrl()` for private files
- Use Supabase client helpers: `@supabase/ssr` for Next.js, not raw `@supabase/supabase-js`
- Migrations in `supabase/migrations/` — never modify production schema manually
## Avoid
- Tables without RLS enabled — this is a security vulnerability
- `getSession()` for auth checks — it doesn't verify the JWT
- Direct database URLs in client code — always use the Supabase client
- `service_role` key in client-side code — this bypasses RLSInstall
Why Use the Supabase Skill?
Without this skill, your AI guesses at supabase patterns. It might hallucinate deprecated APIs, use outdated conventions, or miss best practices entirely. With it, your AI follows a proven ruleset — every suggestion aligns with current standards.
Drop this skill into your project and your AI instantly knows the rules. Better code suggestions, fewer errors, faster shipping.
Try These Prompts
These prompts work better with the Supabase skill installed. Your AI knows the context and writes code that fits.
"Set up Supabase with row-level security policies, auth, and type generation"
"Create a Supabase backend with real-time subscriptions, storage, and edge functions"
"Build a data layer with Supabase that handles auth, CRUD operations, and file uploads"
Supabase skill — FAQ
It enforces Supabase with RLS policies, proper auth flows, edge functions, and type generation. Your AI uses Supabase correctly with row-level security instead of skipping it.
Run `npx skills add YepAPI/skills --skill supabase` in your project root. This copies the skill file into your repo where your AI coding tool can read it automatically.
Yes, always. The skill enforces RLS policies on every table. Without RLS, any authenticated user can read all data. The skill includes patterns for user-scoped, team-scoped, and admin policies.