supabase-gen
Generate Supabase RLS policies from Prisma schema. Use when setting up row-level security for your tables.
Why use this skill?
Automate your database security. Use supabase-gen to parse your Prisma schema and generate production-ready Row-Level Security policies for your Supabase project in seconds.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/lxgicstudios/supabase-genWhat This Skill Does
The supabase-gen skill is a specialized automation tool designed to bridge the gap between your Prisma data model and Supabase's Row-Level Security (RLS) system. Writing RLS policies manually is notoriously error-prone, requiring deep knowledge of Postgres syntax and auth context. This tool analyzes your schema.prisma file, identifies ownership patterns (like userId or orgId fields), and generates robust, ready-to-use SQL policies. It automates the creation of SELECT, INSERT, UPDATE, and DELETE rules, ensuring your data is shielded by default.
Installation
To add this skill to your OpenClaw environment, execute the following command in your terminal:
clawhub install openclaw/skills/skills/lxgicstudios/supabase-gen
Once installed, ensure you have the OPENAI_API_KEY environment variable configured in your shell, as the tool leverages GPT models to intelligently infer security intent from your schema definitions. Node.js 18+ is required for the underlying engine.
Use Cases
This tool is ideal for:
- Rapidly bootstrapping a new project when you already have your models defined in Prisma.
- Hardening existing projects that currently lack sufficient row-level protection.
- Standardizing security patterns across a codebase to ensure consistent multi-tenant isolation.
- Auditing existing security layers by generating a 'clean slate' set of policies for comparison.
Example Prompts
- "Generate RLS policies for my current schema found at prisma/schema.prisma and save them to a new migration file."
- "Review my Prisma schema for potential security risks and generate restrictive policies for my 'Order' and 'Profile' models."
- "Create RLS policies that allow users to only read their own data but allow admins to update any record."
Tips & Limitations
- Review Mandatory: Never execute auto-generated SQL in production without manual verification. The AI understands structure, but it cannot know your unique business logic requirements.
- Start Restrictive: If in doubt, configure your policies to be restrictive. It is significantly safer to block valid requests during testing than to accidentally expose sensitive user information to the public.
- Test Rigorously: Use the Supabase dashboard's SQL editor to test these policies as different roles, specifically checking how anonymous users versus authenticated owners interact with your endpoints.
- Context Awareness: The tool excels at standard patterns. If you use highly custom PostgreSQL functions in your RLS triggers, you will need to manually supplement the tool's output.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-lxgicstudios-supabase-gen": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, external-api
Related Skills
script-gen
Generate package.json scripts with AI. Use when setting up npm scripts.
email-template-gen
Generate responsive email templates. Use when building transactional emails.
branch-namer
Generate descriptive git branch names from plain English. Use when you need a branch name that follows conventions.
cloudflare-gen
Generate Cloudflare Workers configuration and code. Use when building on the edge.
adr-writer
Generate Architecture Decision Records with AI. Use when documenting technical decisions.