LeakScope — Supabase Security Auditor – Scan websites for exposed Supabase data and API leaks

Summary: LeakScope scans live websites to detect exposed Supabase data and misconfigurations, including public tables, weak RLS policies, exposed API keys, source maps, and missing security headers. It identifies what an anonymous user can access externally to help secure production apps.

What it does

LeakScope analyzes a given URL for public Supabase tables, misconfigured row-level security, exposed API keys in JavaScript, source maps in production, and absent security headers.

Who it's for

It is designed for developers and security teams using Supabase who want to audit their app’s external data exposure.

Why it matters

LeakScope addresses accidental data exposure caused by misconfigured Supabase policies and frontend keys in production environments.