Hikkywannafly/supabase-setup
skills/supabase-setup/SKILL.md
Spin up Supabase project schema, run migrations, and configure Row Level Security (RLS) for vibe-kit projects. Activated when a new database table or auth flow is needed. Non-dev safe — generates SQL, does not require user to understand SQL syntax.
development
Updated Apr 25, 2026
$ install --global
skillsauthnpx skillsauth add Hikkywannafly/vibe-kit supabase-setupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 5:14 PM200.3s1 file scanned
SKILL.md
- name:
- supabase-setup
- description:
- >
- argument-hint:
- [ten-bang hoac 'kiem tra ket noi']
supabase-setup — Database Bootstrap
Purpose
Generate and apply Supabase schema, migrations, and RLS policies for vibe-kit projects. Reads project requirements and produces ready-to-run SQL.
When to Activate
- First run: create initial tables for a new project
- Adding a new feature that needs a database table
- Setting up auth (always pairs with
auth-magic-linkskill) - Debugging "permission denied" or "relation does not exist" errors
Workflow
1. Verify Connection
# Check env vars exist
grep -E "SUPABASE_URL|SUPABASE_ANON_KEY" .env.local
2. Generate Migration SQL
For a typical e-commerce schema:
-- Create products table
create table if not exists public.products (
id uuid primary key default gen_random_uuid(),
name text not null,
price_vnd integer not null,
description text,
image_url text,
created_at timestamptz default now()
);
-- Create orders table
create table if not exists public.orders (
id uuid primary key default gen_random_uuid(),
user_id uuid references auth.users(id),
status text default 'pending',
total_vnd integer not null,
created_at timestamptz default now()
);
3. Apply RLS Policies
-- Enable RLS
alter table public.products enable row level security;
alter table public.orders enable row level security;
-- Products: anyone can read, only service role can write
create policy "products_public_read" on public.products
for select using (true);
-- Orders: users see only their own
create policy "orders_own" on public.orders
for all using (auth.uid() = user_id);
4. Apply via Supabase CLI or Dashboard
# Via CLI (if installed)
npx supabase db push
# Via dashboard: paste SQL into SQL Editor at supabase.com/dashboard
Common Patterns
| Use Case | Tables Needed |
|----------|--------------|
| Shop | products, orders, order_items |
| Booking | services, bookings, time_slots |
| Blog | posts, categories, tags |
| SaaS | profiles, subscriptions, usage_logs |
RLS Quick Reference
for select using (true)— public readfor all using (auth.uid() = user_id)— owner onlyfor insert with check (auth.uid() is not null)— any logged-in user
Related Skills
Hikkywannafly/vietnamese-copy
data-ai
VerifiedTrustedCommunity
Generate Vietnamese marketing copy, UI strings, CTAs, error messages, and email templates for vibe-kit projects. Tone: friendly, conversational, Southern Vietnamese style. Activated for any user-visible text generation.
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe
development
VerifiedTrustedCommunity
One-shot orchestrator. Turns the prose after /vibe into a shipped product by clarifying intent, rendering a plan, gating on approval, then spawning planner+researcher+fullstack-dev+tester+reviewer agents in sequence. User-visible strings match the user's input language (Vietnamese by default for VN users). Two modes: SAFE (default — clarify + show plan + wait for approval, max 1 round-trip) and YOLO (skip clarify+approval, run full auto with smart defaults — for demos and power users). YOLO triggers: prose contains `yolo`, `nhanh nha`, `lam luon`, `khoi hoi`, `auto`, or args start with `yolo`. Trigger phrases (EN + VN): "build me a site", "make me a landing page", "create a shop", "I need an app", "vibe lam website", "tao cho toi mot", "xay dung shop online", "lam landing page", "can mot app".
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe-security
tools
VerifiedTrustedCommunity
On-demand security audit for vibe-kit projects. Stack-aware checks for Next.js App Router + Supabase + Polar: secrets leak, RLS gaps, service-role key in client bundle, missing webhook signature verification, unprotected API routes, weak headers, dependency vulns. Outputs a Vietnamese P0/P1/P2 report with file:line + fix hints. User-visible strings match the user's input language (Vietnamese by default for VN users). Trigger phrases (EN + VN): "check security", "audit it", "security scan", "is this safe to launch", "kiem tra bao mat", "quet bao mat", "audit du an", "co an toan khong", "scan bao mat truoc khi deploy".
SKILL.mdUpdated Apr 25, 2026
Hikkywannafly/vibe-rn-supabase
tools
VerifiedTrustedCommunity
Wire Supabase JS client into a React Native (Expo) vibe-kit project: session persistence via AsyncStorage, magic-link OAuth callback via expo-linking deep links, Realtime subscriptions on RN, and shared TypeScript types with the Next.js webapp twin (vibe-kit's typical web<->mobile pair pattern). This is the mobile counterpart of `auth-magic-link` (web). User-visible strings match the user's input language (Vietnamese by default for VN users). Trigger phrases (EN + VN): "supabase react native", "supabase mobile", "auth mobile expo", "magic link mobile", "tich hop supabase vao app", "supabase deep link".
SKILL.mdUpdated Apr 25, 2026