Supabase security scan
See what's exposed in your Supabase, clearly.
Paste your project URL, choose Snapshot or Subscription, and we'll run a scan with fixes you can ship.
Mockly scan
supabase-project.co
Snapshot scan · Read-only access
Fix preview
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
Tables
18 checked
Policies
6 flagged
Storage
2 public
Read-only by default
We scan. You decide what to apply.
Keys handled safely
Anon key is public. Service role is optional.
Actionable output
Clear exposure report + SQL fixes you can ship.
Coverage
Clear checks. Clear outputs.
Mockly focuses on what matters: exposures, policy gaps, and fixes you can apply confidently.
Public access
Tables reachable with public client credentials.
RLS enforcement
Where RLS must be enabled for policies to work.
Policy inspection
Detect overly-permissive rules (deep access when available).
Storage exposure
Buckets, object listing, and guessable filenames.
RPC exposure
Public functions that should be locked down.
Sensitive signals
Risky column names that often hide secrets or PII.
Protection
We stop the hacks, so you can focus on building.
These are the leaks hackers look for first. Mockly finds them fast, then shows the fix.
Public tables exposed.
RLS not enforced.
Policies that read everything.
Storage listing enabled.
Guessable file URLs.
Exposed RPC admin actions.
FAQ