Hey everyone,
We're a small team working on LeakScope, a black-box tool that scans Supabase apps for common security issues by just pasting the public URL. No login, no credentials needed — it looks at what's exposed publicly (JS bundles, network requests, endpoints) and flags things like leaked keys (anon/service_role, third-party tokens), weak/missing RLS, IDOR risks, exposed data, etc.
Right now we're focused on the next steps:
We're trying to keep it useful for vibe coders and small teams who ship quickly but want to catch the obvious stuff early.
Curious what you think would be most helpful next:
If you've scanned an app already or have thoughts on Supabase security pitfalls, we'd really appreciate hearing them — no promo, just trying to build something that actually helps.
Thanks!
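An added example, not part of the post and not LeakScope's code, of the simplest check the post describes: pulling Supabase JWT keys out of a shipped JS bundle and flagging a service_role key as a critical leak so the team can rotate it before anyone else finds it. The bundle and tokens below are constructed; the `iss`/`ref`/`role` claims follow the format of Supabase's project API keys, and no signature is verified.

```python
import base64
import json
import re
from typing import List, Optional

# Supabase API keys are JWTs with "iss": "supabase" and a "role" claim: "anon"
# is meant to be public, "service_role" bypasses RLS and must never ship client-side.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}")

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt_payload(token: str) -> Optional[dict]:
    # Payload only; the signature is not verified (not needed to triage a leak).
    try:
        return json.loads(_b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):
        return None

def find_supabase_keys(bundle_text: str) -> List[dict]:
    """Return one finding per Supabase-issued JWT embedded in a JS bundle."""
    findings = []
    for match in JWT_RE.finditer(bundle_text):
        payload = decode_jwt_payload(match.group(0))
        if not payload or payload.get("iss") != "supabase":
            continue  # some other JWT (e.g. a third-party token); out of scope here
        role = payload.get("role")
        findings.append({
            "role": role,
            "ref": payload.get("ref"),
            "severity": "critical" if role == "service_role" else "info",
            "offset": match.start(),
        })
    return findings

def _fake_jwt(payload: dict) -> str:
    # Constructed, unsigned token for the sample below (dummy signature segment).
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = enc({"alg": "HS256", "typ": "JWT"})
    return f"{header}.{enc(payload)}.dummy-signature-value"

# Constructed sample bundle: an anon key, a leaked service_role key, an unrelated JWT.
ANON_TOKEN = _fake_jwt({"iss": "supabase", "ref": "example-ref", "role": "anon"})
SERVICE_TOKEN = _fake_jwt({"iss": "supabase", "ref": "example-ref", "role": "service_role"})
OTHER_TOKEN = _fake_jwt({"iss": "other-provider", "sub": "user-1"})
SAMPLE_BUNDLE = (
    'const URL="https://example-ref.supabase.co";'
    f'const ANON="{ANON_TOKEN}";const ADMIN="{SERVICE_TOKEN}";const OTHER="{OTHER_TOKEN}";'
)
```

Running `find_supabase_keys` over your own production bundle (or the JS fetched from your deployed URL) before release catches the service_role case the post calls out; the anon key is expected to be public and is only meaningful together with RLS being enabled.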
StylePristine4057 introduces LeakScope, a security scanner for Supabase apps, seeking feedback on its roadmap. The tool scans public URLs for security issues like leaked keys and weak RLS. The team is considering features like deeper scans, scheduled monitoring, and a CLI version. They ask the community for input on prioritizing these features.