This skill audits your Supabase auth settings and flags security gaps you might miss during setup. It checks whether email confirmation is enabled, tests password requirements, identifies enabled OAuth providers, and reviews CORS configuration. You'll want to run it before going to production, or if you inherited a project and need to know what's exposed. The real value is in catching common misconfigurations such as open signups with no email verification or six-character password minimums. It writes findings progressively to context files, so you don't lose results if something crashes mid-audit. Think of it as a security checklist that actually runs the checks instead of just handing you a list.
npx skills add https://github.com/yoanbernabeu/supabase-pentest-skills --skill supabase-audit-auth-config