Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

hivellm/Supabase

Name: Supabase
Author: hivellm

templates/skills/modules/supabase/SKILL.md

npx skillsauth add hivellm/rulebook Supabase

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Supabase MCP Instructions

CRITICAL: Use MCP Supabase for database operations, authentication, and storage.

Core Features

Database Operations

// Query data
supabase.from('users').select('*')
supabase.from('users').select('id, name, email')

// Insert
supabase.from('users').insert({ name: 'John', email: '[email protected]' })

// Update
supabase.from('users').update({ name: 'Jane' }).eq('id', 1)

// Delete
supabase.from('users').delete().eq('id', 1)

// Filters
supabase.from('users').select('*').eq('status', 'active')
supabase.from('users').select('*').gt('age', 18)
supabase.from('users').select('*').like('name', '%John%')

Authentication

// Sign up
supabase.auth.signUp({ email, password })

// Sign in
supabase.auth.signInWithPassword({ email, password })

// Sign out
supabase.auth.signOut()

// Get session
supabase.auth.getSession()

// Get user
supabase.auth.getUser()

Storage

// Upload file
supabase.storage.from('avatars').upload('path/file.jpg', file)

// Download file
supabase.storage.from('avatars').download('path/file.jpg')

// List files
supabase.storage.from('avatars').list('folder')

// Delete file
supabase.storage.from('avatars').remove(['path/file.jpg'])

// Get public URL
supabase.storage.from('avatars').getPublicUrl('path/file.jpg')

Real-time Subscriptions

// Subscribe to changes
supabase
  .channel('room1')
  .on('postgres_changes', { 
    event: '*', 
    schema: 'public', 
    table: 'users' 
  }, (payload) => {
    console.log('Change received!', payload)
  })
  .subscribe()

Common Patterns

CRUD Operations

// Create
const { data, error } = await supabase
  .from('tasks')
  .insert({ title: 'New Task', completed: false })
  .select()

// Read
const { data, error } = await supabase
  .from('tasks')
  .select('*')
  .eq('completed', false)

// Update
const { data, error } = await supabase
  .from('tasks')
  .update({ completed: true })
  .eq('id', taskId)

// Delete
const { data, error } = await supabase
  .from('tasks')
  .delete()
  .eq('id', taskId)

Authentication Flow

// 1. Sign up user
const { data: signUpData, error: signUpError } = await supabase.auth.signUp({
  email: '[email protected]',
  password: 'secure-password'
})

// 2. Sign in
const { data: signInData, error: signInError } = await supabase.auth.signInWithPassword({
  email: '[email protected]',
  password: 'secure-password'
})

// 3. Check session
const { data: { session } } = await supabase.auth.getSession()

// 4. Sign out
await supabase.auth.signOut()

File Upload with Validation

// 1. Validate file
if (file.size > 5 * 1024 * 1024) {
  throw new Error('File too large (max 5MB)')
}

// 2. Upload
const { data, error } = await supabase.storage
  .from('uploads')
  .upload(`${userId}/${file.name}`, file, {
    cacheControl: '3600',
    upsert: false
  })

// 3. Get public URL
if (!error) {
  const { data: { publicUrl } } = supabase.storage
    .from('uploads')
    .getPublicUrl(`${userId}/${file.name}`)
}

Best Practices

✅ DO:

Use Row Level Security (RLS) policies
Handle errors properly (if (error) throw error)
Use .select() after insert/update to get returned data
Use prepared statements (automatic with Supabase)
Enable real-time only when needed
Use storage buckets with proper permissions

❌ DON'T:

Expose service role key in client code
Skip RLS policies (always enable)
Ignore error responses
Store sensitive data without encryption
Use anon key for admin operations

Configuration

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-supabase"],
      "env": {
        "SUPABASE_URL": "https://your-project.supabase.co",
        "SUPABASE_ANON_KEY": "your-anon-key",
        "SUPABASE_SERVICE_ROLE_KEY": "your-service-role-key"
      }
    }
  }
}

Security:

Use SUPABASE_ANON_KEY for client-side operations
Use SUPABASE_SERVICE_ROLE_KEY only server-side
Never commit keys to version control
Enable RLS on all tables

Integration with Development

Testing

// Use test database for development
const supabase = createClient(
  process.env.SUPABASE_TEST_URL,
  process.env.SUPABASE_TEST_KEY
)

// Clean up after tests
afterEach(async () => {
  await supabase.from('test_table').delete().neq('id', 0)
})

Migrations

# Create migration
supabase migration new add_users_table

# Apply migrations
supabase db push

# Reset database
supabase db reset

hivellm/Supabase

templates/skills/modules/supabase/SKILL.md

Use MCP Supabase for database operations, authentication, and storage.

11 stars

tools

Updated Apr 30, 2026

$ install --global

skillsauth

npx skillsauth add hivellm/rulebook Supabase

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 30, 2026, 3:17 AM373.6s1 file scanned

SKILL.md

name:: Supabase
description:: Use MCP Supabase for database operations, authentication, and storage.
version:: 1.0.0
category:: modules
author:: Rulebook
tags:: ["modules", "mcp"]
dependencies:: []
conflicts:: []

Supabase MCP Instructions

CRITICAL: Use MCP Supabase for database operations, authentication, and storage.

Core Features

Database Operations

// Query data
supabase.from('users').select('*')
supabase.from('users').select('id, name, email')

// Insert
supabase.from('users').insert({ name: 'John', email: '[email protected]' })

// Update
supabase.from('users').update({ name: 'Jane' }).eq('id', 1)

// Delete
supabase.from('users').delete().eq('id', 1)

// Filters
supabase.from('users').select('*').eq('status', 'active')
supabase.from('users').select('*').gt('age', 18)
supabase.from('users').select('*').like('name', '%John%')

Authentication

// Sign up
supabase.auth.signUp({ email, password })

// Sign in
supabase.auth.signInWithPassword({ email, password })

// Sign out
supabase.auth.signOut()

// Get session
supabase.auth.getSession()

// Get user
supabase.auth.getUser()

Storage

// Upload file
supabase.storage.from('avatars').upload('path/file.jpg', file)

// Download file
supabase.storage.from('avatars').download('path/file.jpg')

// List files
supabase.storage.from('avatars').list('folder')

// Delete file
supabase.storage.from('avatars').remove(['path/file.jpg'])

// Get public URL
supabase.storage.from('avatars').getPublicUrl('path/file.jpg')

Real-time Subscriptions

// Subscribe to changes
supabase
  .channel('room1')
  .on('postgres_changes', { 
    event: '*', 
    schema: 'public', 
    table: 'users' 
  }, (payload) => {
    console.log('Change received!', payload)
  })
  .subscribe()

Common Patterns

CRUD Operations

// Create
const { data, error } = await supabase
  .from('tasks')
  .insert({ title: 'New Task', completed: false })
  .select()

// Read
const { data, error } = await supabase
  .from('tasks')
  .select('*')
  .eq('completed', false)

// Update
const { data, error } = await supabase
  .from('tasks')
  .update({ completed: true })
  .eq('id', taskId)

// Delete
const { data, error } = await supabase
  .from('tasks')
  .delete()
  .eq('id', taskId)

Authentication Flow

// 1. Sign up user
const { data: signUpData, error: signUpError } = await supabase.auth.signUp({
  email: '[email protected]',
  password: 'secure-password'
})

// 2. Sign in
const { data: signInData, error: signInError } = await supabase.auth.signInWithPassword({
  email: '[email protected]',
  password: 'secure-password'
})

// 3. Check session
const { data: { session } } = await supabase.auth.getSession()

// 4. Sign out
await supabase.auth.signOut()

File Upload with Validation

// 1. Validate file
if (file.size > 5 * 1024 * 1024) {
  throw new Error('File too large (max 5MB)')
}

// 2. Upload
const { data, error } = await supabase.storage
  .from('uploads')
  .upload(`${userId}/${file.name}`, file, {
    cacheControl: '3600',
    upsert: false
  })

// 3. Get public URL
if (!error) {
  const { data: { publicUrl } } = supabase.storage
    .from('uploads')
    .getPublicUrl(`${userId}/${file.name}`)
}

Best Practices

✅ DO:

Use Row Level Security (RLS) policies
Handle errors properly (if (error) throw error)
Use .select() after insert/update to get returned data
Use prepared statements (automatic with Supabase)
Enable real-time only when needed
Use storage buckets with proper permissions

❌ DON'T:

Expose service role key in client code
Skip RLS policies (always enable)
Ignore error responses
Store sensitive data without encryption
Use anon key for admin operations

Configuration

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-supabase"],
      "env": {
        "SUPABASE_URL": "https://your-project.supabase.co",
        "SUPABASE_ANON_KEY": "your-anon-key",
        "SUPABASE_SERVICE_ROLE_KEY": "your-service-role-key"
      }
    }
  }
}

Security:

Use SUPABASE_ANON_KEY for client-side operations
Use SUPABASE_SERVICE_ROLE_KEY only server-side
Never commit keys to version control
Enable RLS on all tables

Integration with Development

Testing

// Use test database for development
const supabase = createClient(
  process.env.SUPABASE_TEST_URL,
  process.env.SUPABASE_TEST_KEY
)

// Clean up after tests
afterEach(async () => {
  await supabase.from('test_table').delete().neq('id', 0)
})

Migrations

# Create migration
supabase migration new add_users_table

# Apply migrations
supabase db push

# Reset database
supabase db reset

Related Skills

hivellm/spec

research

VerifiedTrustedCommunity

Author a rulebook task spec interactively — research, draft, ask the user clarifying questions, confirm, then create the tasks in rulebook ready for /rulebook-driver. Use when the user wants to plan/spec a feature before implementing.

11SKILL.mdUpdated Jun 1, 2026

hivellm/Karpathy Guidelines

development

VerifiedTrustedCommunity

Behavioral guidelines to reduce common LLM coding mistakes — overcomplication, sloppy refactors, hidden assumptions, weak goals. Use when writing, reviewing, or refactoring code. Auto-applies; invoke explicitly via /karpathy-guidelines or 'follow karpathy discipline'.

11SKILL.mdUpdated May 2, 2026

hivellm/Karpathy Guidelines

hivellm/Ralph Autonomous Loop

data-ai

VerifiedTrustedCommunity

Autonomous AI agent loop for iterative task implementation (@hivehub/rulebook ralph)

11SKILL.mdUpdated Apr 30, 2026

hivellm/Ralph Autonomous Loop

hivellm/SQL Server

data-ai

VerifiedTrustedCommunity

Use SQL Server for enterprise relational data storage with advanced features, high availability, and Windows integration.

11SKILL.mdUpdated Apr 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/hivellm/rulebook.git

# Copy into Claude Code skills folder (global)
cp -r rulebook/templates/skills/modules/supabase ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

hivellm/rulebook

11 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT