Clourou

Daily Supabase security & performance check

Run Supabase's security and performance advisors every morning and get a digest of new issues.

Weekdays at 8:00 AMEngineering Emailed to you
Use this routine →Opens prefilled — review and save.
Works with
The instructions
Every weekday morning, run Supabase's advisors on my project and tell me about anything that needs
attention — before it becomes an incident.

Check both the security advisors and the performance advisors. Then report:

- Security: anything flagged — tables without RLS, exposed views, function search-path issues, leaked
  keys — grouped by severity, each with the object it affects and the one-line fix.
- Performance: unindexed foreign keys, unused indexes, slow-query hints, and similar, most impactful
  first.
- A count at the top and a clear "nothing new since yesterday" if the list is clean.

Keep it a tight, scannable list with the fix for each item — not raw output. Read only: don't change
anything, just report.
What a run emails you
Supabase advisors — myproject — 30 Jun 2026

3 security · 2 performance

🔴 Security
• Table public.invoices has no RLS enabled → enable RLS + add policies
• View public.user_emails exposes auth.users → restrict or drop
• Function handle_new_user has a mutable search_path → set search_path = ''

🟡 Performance
• FK orders.customer_id is unindexed → add index on customer_id
• Index idx_old_sessions is unused (0 scans / 30d) → consider dropping

Nothing else changed since yesterday.

Supabase's advisors already know what's risky about your database — missing row-level security, exposed views, unindexed foreign keys — but nobody checks them until something breaks. This routine runs them every morning and emails only what needs attention, each with its fix, so security and performance drift gets caught early.

How it works

  • It uses Supabase to run the security and performance advisors on your project.
  • One prioritized digest lands in your inbox each weekday, with the fix for each item.
  • It's read-only — the routine reports advisories, it never changes your database.

Make it yours

  • Focus it on security only, or only surface high-severity items.
  • Scope it to one project, or run separate routines per project.
  • Widen to weekly for a stable database, or add a step to open a ticket for each new finding.

Run “Daily Supabase security & performance check” on autopilot

Copy it to your account, tweak the details, and it runs weekdays at 8:00 am.

Use this routine →

More Engineering templates

← All templates