theeabrarrr/rls-security-enforcer
.agents/skills/rls-security-enforcer/SKILL.md
Strictly enforces Row Level Security (RLS) policies and tenant isolation for multi-tenant applications. Use this skill when creating new database tables, writing Server Actions, or debugging cross-tenant data leaks.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add theeabrarrr/LPG-Connect rls-security-enforcerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 8:30 PM19.8s1 file scanned
SKILL.md
- name:
- rls-security-enforcer
- description:
- Strictly enforces Row Level Security (RLS) policies and tenant isolation for multi-tenant applications. Use this skill when creating new database tables, writing Server Actions, or debugging cross-tenant data leaks.
RLS Security Enforcer Skill
This skill ensures strict multi-tenant isolation across the SaaS platform to prevent data leakage between tenants.
Workflow
1. Database Level (RLS Policies)
For every table, ensure RLS is enabled and policies are properly defined:
- SELECT: Users can only read rows where
tenant_idmatches their own (unless they are a super admin). - INSERT/UPDATE/DELETE: Strict checks verifying the actor's role and
tenant_id. - No Public Access: Never use "Public" policies (e.g.,
true) for any table containing tenant data.
2. Application Level (Server Actions)
Never trust client inputs for tenant_id. Always fetch it securely on the server:
- Fetch Securely: Always import and use
const tenantId = await getCurrentUserTenantId()from@/lib/utils/tenantHelper. - Filter Explicitly: Append
.eq('tenant_id', tenantId)to ALL Supabase data queries, even if RLS is enabled (defense-in-depth). - Verify Ownership: Before updating or deleting a record by UUID, first query to verify that the record's
tenant_idmatches the current user'stenant_id. If it does not, throw an authorization error and log a security alert.
Related Skills
theeabrarrr/skill-creator
tools
VerifiedTrustedCommunity
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.
SKILL.mdUpdated Apr 16, 2026
theeabrarrr/transaction-integrity
testing
VerifiedTrustedCommunity
Enforces atomic transactions for operations spanning multiple database tables (e.g., Orders, Ledgers, Inventory) to prevent partial updates. Use this skill when implementing financial logic, order processing, or any multi-table mutations.
SKILL.mdUpdated Apr 16, 2026
theeabrarrr/system-reality-auditor
development
VerifiedTrustedCommunity
Performs a triple-point audit to synchronize codebase, database schema, and project documentation states. Use this skill to align the PRD, Gap Analysis, and Execution Plan with the actual system reality.
SKILL.mdUpdated Apr 16, 2026
theeabrarrr/supabase-postgres-best-practices
data-ai
VerifiedTrustedCommunity
Postgres performance optimization and best practices from Supabase. Use this skill when writing, reviewing, or optimizing Postgres queries, schema designs, or database configurations.
SKILL.mdUpdated Apr 16, 2026