Database & Backend

Supabase

Security advisors, auth configuration, and Postgres logs - your backend, watched.

TRY ASKING:

  • “Show me all security recommendations for the project.”
  • “Which tables have row level security disabled?”
  • “Audit auth settings for weak password rules or open sign-ups.”
  • “Check Postgres logs for unusual access in the last 24 hours.”

Kikimora reviews your Supabase projects the way a security engineer would: advisors first, then auth configuration, then the logs.

Watch your Supabase backend from one conversation

The integration covers the three layers where Supabase risk tends to hide: the built-in security advisors and their recommendations, auth configuration such as password rules and row level security, and the Postgres logs that show unusual access. Row level security being off on a table that holds user data is the classic Supabase mistake, and it is exactly the kind of thing the agent can find in one question instead of a manual review. Supabase makes it fast to ship a backend, which is also why a sensitive table can go live with its policies wide open. The advisors flag a lot of this already, but their value depends on someone actually reading them. Putting the advisor output, the auth settings, and the access logs into one conversation means the warnings get reviewed instead of piling up in a dashboard nobody opens.

What you can do

  • Pull security advisor recommendations per project.
  • Audit auth configuration for weak settings.
  • Check Postgres logs for unusual access patterns.

Things you might ask

  • “Which tables in the project still have row level security disabled?”
  • “Show every advisor recommendation marked as a security risk, newest first.”
  • “Are there sign-ins from unexpected locations in the Postgres logs this week?”

Supabase is one piece of the backend. Pair it with the PlanetScale integration so schema changes and access control across your database layer get reviewed in the same conversation, and the whole data tier stays in one view.

[ faq ]

What access does the Supabase integration need?

A read-scoped key or service role for the projects you want covered. That lets the agent read security advisors, auth configuration, and logs. It is read-only.

Does it read the contents of my database?

It focuses on configuration and security signals (the advisor recommendations, auth settings, and log patterns) rather than your application data.

How long does it take to set up?

A few minutes per project. Provide the project reference and a read-scoped key. There is nothing to deploy alongside Supabase.

Can it review more than one project?

Yes. Connect several projects and ask questions across all of them, for example which ones still have row level security off on a sensitive table.
