Skip to main content
skillsFirst-partyReview first Safety Privacy
Supabase logo

Supabase Realtime Database Builder Skill

Build full-stack apps on Supabase via @supabase/supabase-js: a hosted Postgres database with row-level security, realtime subscriptions over websockets, Auth, storage, Edge Functions for serverless logic, and pgvector for embeddings.

HarnessClaude CodeCodexWindsurfGeminiCursorCLI
Level:advancedType:generalVerified:draft
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://supabase.com/docs, https://github.com/JSONbored/awesome-claude/blob/main/content/skills/supabase-realtime-database.mdx
Brand
Supabase
Brand domain
supabase.com
Brand asset source
brandfetch
Package URL
/downloads/skills/supabase-realtime-database.zip
Package SHA256
e4070e1dd49d8c0871cf79e4cf9db65964522b9f8b42579f124530c5c7d858c1
Safety notes
This skill installs @supabase/supabase-js, connects to a live Supabase project, and performs database writes, Auth, and storage operations; review generated mutations and configure row-level security before running against real data., Realtime subscriptions and Edge Functions are long-lived/server-side workers; account for their lifecycle, connection limits, and cost.
Privacy notes
Requires a Supabase project URL and API keys; keep the service-role key server-only and never ship it to the client — expose only the anon key via NEXT_PUBLIC_., The app reads and writes user data and embeddings in your Supabase Postgres database; use row-level security so each user can only access their own rows.
Platform compatibility
claude-code (native-skill), codex (native-skill), windsurf (native-skill), gemini (native-skill), cursor (adapter), cli (manual-context)
Author
JSONbored
Claim status
unclaimed
Last verified
2025-10-16

Decision playbook

Ready to evaluate for your workflow

Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.

Compare context
Selected

0

Current score

96

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as first-party.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Complete

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    Package marked verified.

    Done
  • Checksum metadata

    SHA-256 hash is present.

    Done

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

Install command

Provided

Config snippet

Not provided

Copy snippet

Provided

Prerequisites

6 to clear

Platforms

6 listed

Difficulty

100/100

Adoption plan

Balanced adoption plan

Current risk score 0/100. Use staged verification before broader rollout.

Risk 0

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    Package verification/checksum metadata is available.

    Done

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (6/6 signals complete).

Risk 0

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Present

Package integrity metadata is present.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

6/6 steps complete with no blocking gaps for this preset.

Risk 0

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is available.

Done

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

6 prerequisites to line up before setup. Have accounts and credentials ready first.

0/6 ready
Account & credentials2Install & runtime2Configuration1General1

Safety & privacy surface

Safety & privacy surface

2 safety and 2 privacy notes across 3 risk areas. Review closely: credentials & tokens.

3 areas
  • SafetyExecution & processesThis skill installs @supabase/supabase-js, connects to a live Supabase project, and performs database writes, Auth, and storage operations; review generated mutations and configure row-level security before running against real data.
  • SafetyExecution & processesRealtime subscriptions and Edge Functions are long-lived/server-side workers; account for their lifecycle, connection limits, and cost.
  • PrivacyCredentials & tokensRequires a Supabase project URL and API keys; keep the service-role key server-only and never ship it to the client — expose only the anon key via NEXT_PUBLIC_.
  • PrivacyGeneralThe app reads and writes user data and embeddings in your Supabase Postgres database; use row-level security so each user can only access their own rows.

Safety notes

  • This skill installs @supabase/supabase-js, connects to a live Supabase project, and performs database writes, Auth, and storage operations; review generated mutations and configure row-level security before running against real data.
  • Realtime subscriptions and Edge Functions are long-lived/server-side workers; account for their lifecycle, connection limits, and cost.

Privacy notes

  • Requires a Supabase project URL and API keys; keep the service-role key server-only and never ship it to the client — expose only the anon key via NEXT_PUBLIC_.
  • The app reads and writes user data and embeddings in your Supabase Postgres database; use row-level security so each user can only access their own rows.

Prerequisites

  • Supabase account (free tier available)
  • @supabase/supabase-js ^2.38.0
  • Node.js 18+
  • Supabase CLI for local development
  • Supabase project with Realtime enabled in project settings (Dashboard > Project Settings > API > Realtime)
  • Network access to Supabase API endpoints and WebSocket connections for real-time subscriptions

Schema details

Install type
package
Reading time
6 min
Difficulty score
100
Troubleshooting
Yes
Breaking changes
No
Package metadata
Package verified
Yes
SHA-256
e4070e1dd49d8c0871cf79e4cf9db65964522b9f8b42579f124530c5c7d858c1
Skill and platform metadata
Skill type
general
Skill level
advanced
Verification
draft
Verified at
2025-10-16
Retrieval sources
https://supabase.com/docshttps://firebase.google.com/docs
Tested platforms
ClaudeCodexOpenClawCursorWindsurfGemini
PlatformSupportInstall path
claude-codeNative.claude/skills/<skill-name>/SKILL.md
codexNative.agents/skills/<skill-name>/SKILL.md
windsurfNative.windsurf/skills/<skill-name>/SKILL.md
geminiNative.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursorAdapter.cursor/rules/<skill-name>.mdc
cliManualAGENTS.md or tool-specific context file
Full copyable content
import { createClient } from '@supabase/supabase-js';
import { Database } from './types/supabase';

const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;

export const supabase = createClient<Database>(supabaseUrl, supabaseAnonKey);

export const createAuthenticatedClient = (accessToken: string) => {
  return createClient<Database>(supabaseUrl, supabaseAnonKey, {
    global: {
      headers: {
        Authorization: `Bearer ${accessToken}`,
      },
    },
  });
};

About this resource

Build full-stack applications with Supabase Postgres, real-time subscriptions, Edge Functions, and pgvector AI integration for 4M+ developers. Create complete backend systems using Supabase - the open-source Firebase alternative with PostgreSQL database, real-time subscriptions via WebSockets (postgres_changes, broadcast, presence), built-in authentication with multiple providers, file storage with access control, and Edge Functions with Deno for custom business logic. Includes automatic REST and GraphQL APIs, Row Level Security (RLS) policies, TypeScript type generation, connection pooling, and pgvector for AI embeddings and similarity search.

Content

Supabase Realtime Database Builder Skill

What This Skill Enables

Claude can build complete backend systems using Supabase, the open-source Firebase alternative that raised $100M at $5B valuation in October 2025. With 4M+ developers and enterprise-scale Multigres features launching, Supabase provides PostgreSQL database, real-time subscriptions, authentication, storage, and Edge Functions - all with automatic APIs and pgvector for AI embeddings.

Compatibility

Native

  • Claude Code / Claude: native skill usage via SKILL.md.
  • Codex/OpenAI workflows: compatible with Agent Skills-style SKILL.md content as reusable workflow instructions.

Manual Adaptation

  • Gemini CLI: native skill usage via .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md where supported.
  • Cursor: use the generated .cursor/rules/*.mdc adapter for project rules.
  • OpenClaw and similar agents: use the same skill content as a reusable prompt/workflow file when native skill import is unavailable.

Prerequisites

Required:

  • Claude Pro subscription or Claude Code CLI
  • Supabase account (free tier available)
  • Node.js 18+ for client libraries
  • Basic SQL and JavaScript knowledge

What Claude handles automatically:

  • Setting up Supabase project and database schema
  • Creating Row Level Security (RLS) policies
  • Generating TypeScript types from database
  • Implementing real-time subscriptions
  • Configuring authentication with multiple providers
  • Building Edge Functions with Deno
  • Setting up Storage buckets with access control
  • Integrating pgvector for AI embeddings

How to Use This Skill

Initialize Supabase Project

Prompt: "Set up a Supabase project for a task management app with users, projects, tasks tables. Include RLS policies and TypeScript types."

Claude will:

  1. Create database schema with foreign keys
  2. Set up RLS policies for multi-tenant data
  3. Generate migration files
  4. Create TypeScript types with supabase gen types
  5. Initialize Supabase client in application
  6. Add authentication flow
  7. Configure authorization rules

Real-Time Collaboration

Prompt: "Build real-time chat functionality where users see messages instantly when posted. Include typing indicators and online presence."

Claude will:

  1. Create messages table with indexes
  2. Set up real-time subscription channel
  3. Implement message broadcasting
  4. Add presence tracking
  5. Show typing indicator
  6. Handle connection state
  7. Optimize with message batching

AI Integration with pgvector

Prompt: "Create a semantic search system using pgvector. Store document embeddings from OpenAI and enable similarity search with cosine distance."

Claude will:

  1. Enable pgvector extension
  2. Create table with vector column
  3. Generate embeddings with OpenAI
  4. Store vectors in Supabase
  5. Implement similarity search RPC
  6. Add HNSW index for performance
  7. Create semantic search API

Edge Functions for Business Logic

Prompt: "Build Edge Functions that: send welcome emails on signup, process webhook from Stripe, and run nightly data aggregation job."

Claude will:

  1. Create Deno Edge Functions
  2. Set up function triggers (database, HTTP, cron)
  3. Implement email sending with Resend
  4. Add Stripe webhook validation
  5. Create scheduled job
  6. Include error handling and logging
  7. Deploy with supabase functions deploy

Supabase vs Firebase

Supabase is often compared with Firebase as a backend-as-a-service; the core difference is Postgres vs a proprietary document store:

Dimension Supabase Firebase
Database Postgres (relational, SQL) Firestore/RTDB (NoSQL document)
Realtime Postgres changes, broadcast, presence Realtime Database / Firestore listeners
Open source Yes (self-hostable) No
Auth & storage Built-in (Postgres-backed) Built-in (Google-backed)

Choose Supabase when you want relational/SQL data, row-level security, and the option to self-host; Firebase when you prefer a fully managed Google ecosystem with a document model.

Tips for Best Results

  1. RLS is Critical: Always implement Row Level Security policies. Request policies that match your access patterns (user owns data, team members can access, public read).

  2. Type Generation: Use supabase gen types typescript to generate TypeScript types. This ensures client code matches database schema.

  3. Real-Time Channels: Supabase real-time has different channel types (postgres_changes, broadcast, presence). Specify which you need based on use case.

  4. Edge Functions with Deno: Supabase uses Deno for Edge Functions. Request Deno-compatible code (no Node.js-specific APIs).

  5. Storage Access Control: Storage buckets can be public or private. Request appropriate RLS policies for file access.

  6. Connection Pooling: For serverless deployments, use Supabase connection pooling to avoid exceeding connection limits.

Common Workflows

Complete SaaS Backend

"Build a SaaS backend with Supabase:
1. Authentication with email, Google, GitHub OAuth
2. Organizations and team member management
3. Role-based access control (owner, admin, member)
4. Real-time activity feed
5. File uploads to Storage with access control
6. Billing integration with Stripe webhooks
7. Edge Functions for business logic
8. pgvector for AI-powered search"

Social Media Platform

"Create social media backend:
1. User profiles with avatars in Storage
2. Posts with likes, comments, shares
3. Real-time notifications
4. Follow/unfollow relationships
5. Feed algorithm with RLS
6. Direct messaging with presence
7. Content moderation Edge Function
8. Full-text search with PostgreSQL"

IoT Data Collection

"Build IoT data collection system:
1. Device registration and authentication
2. Time-series data table with partitioning
3. Real-time sensor data streaming
4. Edge Functions for data aggregation
5. Alert system for threshold violations
6. Historical data analytics queries
7. Dashboard real-time updates
8. Export to CSV with Storage"

AI-Powered Knowledge Base

"Create knowledge base with AI:
1. Document storage with chunking
2. Generate embeddings with OpenAI
3. Store vectors in pgvector
4. Semantic search with similarity
5. Full-text search fallback
6. Real-time collaborative editing
7. Version history with temporal tables
8. Edge Function for embedding generation"

Troubleshooting

Issue: RLS policies blocking valid queries Solution: Check policies with EXPLAIN to see applied policies. Use service role key for admin operations. Test policies in SQL editor with set role authenticated and set request.jwt.claim.sub = 'user-id'.

Issue: Real-time subscriptions not receiving updates Solution: Verify table has REPLICA IDENTITY configured. Check RLS policies allow SELECT on rows. Confirm real-time is enabled in Supabase dashboard. Use broadcast channels if PostgreSQL changes insufficient.

Issue: Edge Functions timing out Solution: Edge Functions have 60s limit. Optimize database queries. Use connection pooling. Move long-running tasks to background jobs. Check function logs in dashboard.

Issue: Type generation failing Solution: Ensure PostgreSQL schema is valid. Check for circular foreign keys. Update Supabase CLI to latest. Use --local flag if working with local instance.

Issue: Storage upload fails Solution: Check bucket is created and RLS policies allow INSERT. Verify file size within limits. Check MIME type restrictions. Use service role for admin uploads.

Issue: Connection pool exhausted Solution: Use Supabase pooler (port 6543 instead of 5432). Implement connection caching. Close connections properly. Consider upgrading plan for more connections.

Learn More

Features

  • PostgreSQL with automatic REST and GraphQL APIs via PostgREST and pg_graphql
  • Real-time subscriptions with WebSockets (postgres_changes, broadcast, presence)
  • Built-in authentication and authorization with email, OAuth, phone, passwordless, SSO
  • pgvector for AI embeddings and similarity search with HNSW and IVFFlat indexes
  • Edge Functions with Deno for globally distributed TypeScript serverless functions
  • Storage buckets with access control, CDN, image transformations, and resumable uploads
  • Row Level Security (RLS) policies for granular data access control
  • TypeScript type generation from database schema with supabase gen types

Use Cases

  • Full-stack web applications with real-time collaboration
  • Real-time collaborative tools with presence tracking and broadcast messaging
  • AI-powered semantic search with pgvector embeddings
  • SaaS backends with multi-tenant data isolation using RLS
  • Social media platforms with real-time notifications and activity feeds
  • IoT data collection systems with time-series data and real-time streaming

Source citations

Add this badge to your README

Show that Supabase Realtime Database Builder Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/skills/supabase-realtime-database.svg)](https://heyclau.de/entry/skills/supabase-realtime-database)

How it compares

Supabase Realtime Database Builder Skill side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Package trust, Source provenance).

Field

Build full-stack apps on Supabase via @supabase/supabase-js: a hosted Postgres database with row-level security, realtime subscriptions over websockets, Auth, storage, Edge Functions for serverless logic, and pgvector for embeddings.

Open dossier

Official Supabase Agent Skills for AI coding agents working with Supabase Database, Auth, Edge Functions, Realtime, Storage, Vectors, CLI, MCP, RLS, migrations, and Postgres performance.

Open dossier

Analyze and optimize PostgreSQL queries for OLTP and OLAP workloads with AI-assisted performance tuning, indexing strategies, and execution plan analysis.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verified2025-10-16Package not verifiedPackage verified2025-10-16
Source provenanceDiffersSource-backedSource-backedNo submission link
Submitter
Install riskReview firstReview firstLow risk
Notes Safety Privacy Safety Privacy Safety Privacy
BrandSupabase logoSupabaseSupabase logoSupabase
Categoryskillsskillsskills
Sourcefirst-partysource-backedfirst-party
AuthorJSONboredSupabaseJSONbored
Added2025-10-162026-06-182025-10-16
Platforms
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Claude CodeCodexWindsurfGeminiCursorCLI
Source repo
Safety notesThis skill installs @supabase/supabase-js, connects to a live Supabase project, and performs database writes, Auth, and storage operations; review generated mutations and configure row-level security before running against real data. Realtime subscriptions and Edge Functions are long-lived/server-side workers; account for their lifecycle, connection limits, and cost.The skills guide agents toward Supabase schema, auth, RLS, migration, MCP, and Postgres work that can affect real user data; generated SQL and policies need human review. The Supabase skill explicitly treats RLS, exposed schemas, service-role keys, JWT claims, views, storage policies, and SECURITY DEFINER functions as security-sensitive areas. Do not let an agent apply migrations or production SQL just because the skill suggests a workflow; run advisors, inspect generated SQL, and verify against the intended environment. The repository includes Supabase MCP configuration for docs-only MCP access. Project-scoped MCP or database access still needs proper authentication, least privilege, and review.Setup downloads/unzips a package, and the skill connects to your database to run EXPLAIN ANALYZE and create indexes; index builds and config changes can lock tables and affect production — test against a replica or staging first.
Privacy notesRequires a Supabase project URL and API keys; keep the service-role key server-only and never ship it to the client — expose only the anon key via NEXT_PUBLIC_. The app reads and writes user data and embeddings in your Supabase Postgres database; use row-level security so each user can only access their own rows.Supabase tasks can involve schemas, SQL, RLS policies, migrations, auth settings, JWT claims, storage paths, Edge Function code, logs, and customer data. Keep SUPABASE_ACCESS_TOKEN, service_role keys, database passwords, JWT secrets, project refs, connection strings, OAuth secrets, and private schema dumps out of prompts, screenshots, public PRs, and committed configs. When using Supabase MCP or CLI tools, the connected agent may see project metadata, database structure, logs, or SQL results depending on granted permissions. Docs-only MCP access is safer than project MCP access, but user queries and docs snippets can still be forwarded into the configured model provider.Query analysis can surface table/column names and sample row values from your database; keep connection strings and credentials in environment variables and review what plans/output you share.
Prerequisites
  • Supabase account (free tier available)
  • @supabase/supabase-js ^2.38.0
  • Node.js 18+
  • Supabase CLI for local development
  • AI coding agent or skill installer compatible with Agent Skills repositories.
  • Supabase project, local Supabase app, or planned Supabase integration.
  • Current Supabase docs access, Supabase CLI help, or Supabase MCP server access for exact commands and API details.
  • Database access appropriate to the task when validating SQL, RLS, migrations, advisors, or performance fixes.
  • PostgreSQL 14+ (16+ recommended)
  • pg_stat_statements extension
  • EXPLAIN access permissions
  • psql or database client
Install
npm install @supabase/supabase-js
npx skills add supabase/agent-skills
curl -L https://heyclau.de/downloads/skills/postgresql-query-optimization.zip -o postgresql-query-optimization.zip && unzip -o postgresql-query-optimization.zip -d ./postgresql-query-optimization
Config
Citations
ClaimUnclaimedUnclaimedUnclaimed
Open 3 picks in the interactive comparison tool

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.