auth-supabase

Implements secure Supabase authentication flows for signup, login, and session management, ensuring best practices are followed.

Install this skill

or

50/100

Security score

The auth-supabase skill was audited on Feb 9, 2026 and we found 26 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 368

Template literal with variable interpolation in command context

SourceSKILL.md

368	emailRedirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/auth/callback`,

medium line 632

Template literal with variable interpolation in command context

SourceSKILL.md

632	redirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/auth/reset-password`,

medium line 673

Template literal with variable interpolation in command context

SourceSKILL.md

673	redirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/auth/callback`,

medium line 717

Template literal with variable interpolation in command context

SourceSKILL.md

717	return NextResponse.redirect(`${requestUrl.origin}/dashboard`)

medium line 788

Template literal with variable interpolation in command context

SourceSKILL.md

788	return <div>{user ? `Logged in as ${user.email}` : 'Not logged in'}</div>

medium line 159

Access to .env file

SourceSKILL.md

159	Required Variables (.env.local):

low line 222

Access to .env file

SourceSKILL.md

222	process.env.NEXT_PUBLIC_SUPABASE_URL!,

low line 223

Access to .env file

SourceSKILL.md

223	process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!

low line 237

Access to .env file

SourceSKILL.md

237	process.env.NEXT_PUBLIC_SUPABASE_URL!,

low line 238

Access to .env file

SourceSKILL.md

238	process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

low line 277

Access to .env file

SourceSKILL.md

277	process.env.NEXT_PUBLIC_SUPABASE_URL!,

low line 278

Access to .env file

SourceSKILL.md

278	process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,

low line 368

Access to .env file

SourceSKILL.md

368	emailRedirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/auth/callback`,

low line 632

Access to .env file

SourceSKILL.md

632	redirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/auth/reset-password`,

low line 673

Access to .env file

SourceSKILL.md

673	redirectTo: `${process.env.NEXT_PUBLIC_SITE_URL}/auth/callback`,

low line 163

External URL reference

SourceSKILL.md

163	NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co

low line 170

External URL reference

SourceSKILL.md

170	NEXT_PUBLIC_SITE_URL=http://localhost:3000

low line 171

External URL reference

SourceSKILL.md

171	NEXT_PUBLIC_REDIRECT_URL=http://localhost:3000/auth/callback

low line 185

External URL reference

SourceSKILL.md

185	NEXT_PUBLIC_SITE_URL=https://yourdomain.com

low line 186

External URL reference

SourceSKILL.md

186	NEXT_PUBLIC_REDIRECT_URL=https://yourdomain.com/auth/callback

low line 192

External URL reference

SourceSKILL.md

192	- [ ] Set Site URL: `https://yourdomain.com`

low line 194

External URL reference

SourceSKILL.md

194	- `http://localhost:3000/auth/callback` (development)

low line 195

External URL reference

SourceSKILL.md

195	- `https://yourdomain.com/auth/callback` (production)

low line 937

External URL reference

SourceSKILL.md

937	- [Supabase Auth Documentation](https://supabase.com/docs/guides/auth)

low line 938

External URL reference

SourceSKILL.md

938	- [Supabase Auth Helpers for Next.js](https://supabase.com/docs/guides/auth/auth-helpers/nextjs)

low line 939

External URL reference

SourceSKILL.md

939	- [Row Level Security Guide](https://supabase.com/docs/guides/auth/row-level-security)

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 106

Rate this skill

Categorydevelopment

UpdatedMay 21, 2026

openclaw backend backend-developer product-manager growth-pm supabase development product

majiayu000/claude-skill-registry