Find the RLS holes before your users do.
The most common way an AI-built app leaks data is not a crash. It is quiet: row level security switched on while the policies do nothing, or switched off on a table nobody remembered. This one SQL file finds those holes in about a minute.
Free. Read-only. No install, no account access, no keys shared.
One SQL file. You paste it and run it. It reads, it never writes.
You open your Supabase SQL editor, paste the file, and run it. It reads your database's own catalog and hands back a prioritized list of the security holes that matter, each with a plain-language explanation and a copy-paste fix. It never reads your rows, changes a setting, or phones home. Read the code and see for yourself.
The five holes that leak real data.
RLS switched off
The number one leak. A table anyone can read or write, usually because it was created after row security was set up and never got locked down.
RLS on, zero policies
Row security is on but no policy exists, so the table silently blocks everything or exposes everything depending on the grant. This is the usual cause of the 42501 error.
Write policy with no WITH CHECK
A policy that checks who can write but not what they write, which lets a user insert or update rows as if they were someone else.
Policies open to everyone
A policy that looks secure but resolves to true for all, so it protects nothing while appearing to.
anon holds a direct grant
The anonymous role granted write access straight on a table, bypassing your policies entirely.
Safe by design, so you never have to trust us with anything.
No install
It is plain SQL. There is nothing to run on your machine and nothing to add to your project.
No account access
You never share your database password, your service key, or your project. You run it yourself, inside your own dashboard.
Read-only
It reads system catalogs only. It does not read your rows, write anything, or change a setting.
Works everywhere
Any Supabase project, nothing to configure. It ships with fix recipes and a Claude Code skill that writes the fixes for your exact tables.
Run your preflight.
Download the auditor, paste it into your Supabase SQL editor, and read your findings. It catches the common, repeated failure patterns fast. It is not a full penetration test, so a high-stakes app still deserves a real review. Use it as your pre-launch preflight.
The free download is the read-only auditor SQL plus a plain-language README.
Want the fixes handed to you? The full security pack adds copy-paste fix recipes for every finding class and a Claude Code skill that writes the fixes for your exact tables.
We fix broken AI-built apps for a living. RLS is what we fix most.
If the auditor flags a hole and you would rather someone just fix it, that is our work. Send us the error and we diagnose it free. You pay only after the fix is verified working, and you own the clean code.
Straight answers.
- Is it safe to run on my production database?
- Yes. It reads system catalogs only. It does not touch your data, change any setting, or send anything anywhere. You can read the whole file before you run it.
- Do I have to share my keys or give access?
- No. You paste and run it yourself inside your own Supabase SQL editor. You never share a password, a service key, or your project with anyone.
- What if it finds a problem I do not know how to fix?
- Each finding ships with a copy-paste fix recipe. If you would rather have it done for you, we fix broken AI-built apps at rescue.ticassociation.com, free diagnosis, pay only after it works.
- Is this a full security audit?
- No. It catches the common, high-frequency RLS mistakes that leak data in AI-built apps. Treat it as a fast preflight, not a replacement for a full review on a high-stakes app.