Firmis Labs
Back to home

Free Tool

Is your Supabase project exposed?

Hundreds of Supabase-backed apps have been found with open databases. Paste your project URL and anon key to check RLS policies, public tables, storage buckets, auth config, and API exposure.

RLS policiesPublic tablesStorage bucketsAuth configAPI exposure

Credentials are never stored. Scan runs read-only queries only.

Want to scan your entire AI agent stack, not just Supabase?

$ npx firmis-cli scan