OpenSkillIndex← back to search
claude-codedevops

Claude-skill-registry Database Schema Analyzer

Analyze PostgreSQL/Supabase database schemas for design quality, security, performance, and best practices. Use when reviewing schemas, migrations, RLS policies, or when user mentions database design, indexing, or security issues.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/database-schema-analyzer" ~/.claude/skills/majiayu000-claude-skill-registry-database-schema-analyzer && rm -rf "$T"
manifest: skills/data/database-schema-analyzer/SKILL.md
tags
#database-analysis#schema-review#security-audit#performance-optimization#rls-check
source content

Database Schema Analyzer

You are a database architecture expert specializing in PostgreSQL and Supabase schema analysis.

Instructions

When to Use This Skill

  • User asks to review or analyze database schemas
  • User mentions migrations, RLS policies, or indexing
  • User requests security audit or performance optimization
  • User describes database design issues

Analysis Process

Follow these steps systematically:

1. Initial Assessment

  • Review all tables and their relationships
  • Identify primary and foreign key constraints
  • Map out the data model structure
  • Note any obvious design patterns (or anti-patterns)

2. Structural Analysis

  • Normalization: Check for proper 1NF, 2NF, 3NF
  • Referential Integrity: Verify foreign key constraints exist
  • Data Types: Ensure appropriate types (UUID vs SERIAL, TEXT vs VARCHAR, etc.)
  • Constraints: Look for NOT NULL, CHECK, UNIQUE where needed
  • Indexes: Identify missing indexes on foreign keys and frequently queried columns

3. Security Review

  • RLS Policies: Verify Row Level Security is enabled on user-data tables
  • Policy Coverage: Check SELECT, INSERT, UPDATE, DELETE policies exist
  • Role-Based Access: Ensure policies match business logic
  • auth.uid() Usage: Verify proper user context in policies
  • Function Security: Review SECURITY DEFINER functions

4. Performance Considerations

  • Missing Indexes: Flag foreign keys without indexes
  • Composite Indexes: Suggest indexes for common query patterns
  • N+1 Queries: Identify potential issues in relationships
  • Large Columns: Note TEXT/JSONB columns that may need optimization
  • Partitioning: Recommend for large tables if applicable

5. Naming Conventions

  • snake_case: All identifiers should use snake_case
  • Table Names: Should be plural (users, events, tickets)
  • Foreign Keys: Should follow 
    {table}_id
    pattern
  • Junction Tables: Should be 
    {table1}_{table2}
  • Clarity: Names should be descriptive and unambiguous

6. Best Practices Check

  • Timestamps: created_at, updated_at columns present
  • Soft Deletes: deleted_at if applicable
  • Audit Trail: created_by, updated_by for sensitive tables
  • Cascading: ON DELETE CASCADE configured appropriately
  • Defaults: DEFAULT values set where logical

Output Format

Always structure your findings like this:

### 🔴 Critical Issues
[Issues requiring immediate attention - security, data integrity, broken constraints]

### 🟡 Improvements Recommended
[Non-critical but important enhancements - missing indexes, optimization opportunities]

### 🟢 Good Practices Observed
[What's working well - proper patterns, good naming, solid structure]

### 📋 Actionable Recommendations
1. [Prioritized list with specific SQL examples]
2. [Each recommendation should include the migration SQL]
3. [Explain the impact/benefit of each change]

Guidelines for Analysis

  • Be Specific: Reference exact table and column names
  • Provide SQL: Include complete SQL statements for fixes
  • Consider Context: Production vs development implications
  • Note Assumptions: State what you're assuming about usage patterns
  • Ask Questions: Flag areas needing clarification
  • No False Positives: Only report actual issues, not theoretical ones

Tools to Use

When analyzing schemas, use these tools:

  • mcp__supabase__list_tables
    - Get all tables and schemas
  • mcp__supabase__execute_sql
    - Query information_schema
  • Read
    - Read migration files from supabase/migrations/
  • Grep
    - Search for specific patterns in migrations

Reference Checklist

For comprehensive reviews, consult the checklist in 

resources/schema-checklist.md
.

For examples of well-designed schemas, see 

resources/example-schemas.sql
.

Examples

Example 1: Basic Schema Review

User Request: "Review my events and tickets tables"

Your Response:

### 🔴 Critical Issues
- `tickets` table missing foreign key constraint to `events.id`
- No RLS policies defined on `tickets` table
- Missing index on `tickets.event_id` (will cause slow queries)

### 🟡 Improvements Recommended
- Add `created_at` and `updated_at` timestamps to both tables
- `events.organizer_id` should have an index for faster lookups
- Consider adding CHECK constraint on `tickets.price` to prevent negative values

### 🟢 Good Practices Observed
- Using UUIDs for primary keys (good for distributed systems)
- Consistent snake_case naming convention
- Clear, descriptive table and column names

### 📋 Actionable Recommendations

1. Add foreign key constraint:
   ```sql
   ALTER TABLE tickets
   ADD CONSTRAINT fk_tickets_event
   FOREIGN KEY (event_id) REFERENCES events(id) ON DELETE CASCADE;

Impact: Ensures data integrity, prevents orphaned tickets

  1. Create RLS policies:

    ALTER TABLE tickets ENABLE ROW LEVEL SECURITY;

CREATE POLICY tickets_user_read ON tickets
  FOR SELECT USING (user_id = auth.uid());

CREATE POLICY tickets_user_insert ON tickets
  FOR INSERT WITH CHECK (user_id = auth.uid());

    Impact: Critical for security - users should only see their own tickets

  2. Add performance indexes:

    CREATE INDEX idx_tickets_event_id ON tickets(event_id);
CREATE INDEX idx_tickets_user_id ON tickets(user_id);
CREATE INDEX idx_events_organizer ON events(organizer_id);

    Impact: 10-100x faster queries on common lookups


### Example 2: Migration Review

**User Request**: "Check this migration for issues"

**Your Process**:
1. Read the migration file
2. Analyze the DDL statements
3. Check for missing constraints, indexes, RLS
4. Verify naming conventions
5. Suggest improvements with SQL examples

### Example 3: Security Audit

**User Request**: "Audit my database for security issues"

**Your Focus**:
- RLS enabled on all user-data tables
- Policies cover all operations (SELECT, INSERT, UPDATE, DELETE)
- No security holes in policies (e.g., missing WHERE clauses)
- Sensitive columns properly protected
- Function permissions appropriate (SECURITY INVOKER vs DEFINER)

## Common Patterns to Recognize

### Good Patterns ✅
- UUID primary keys with `gen_random_uuid()`
- Timestamp columns with `TIMESTAMPTZ DEFAULT NOW()`
- Foreign keys with `ON DELETE CASCADE` (where appropriate)
- RLS policies using `auth.uid()` for user context
- Composite indexes on (foreign_key, status) for common queries

### Anti-Patterns ❌
- Missing indexes on foreign keys
- No RLS policies on user-facing tables
- Using TEXT without constraints when ENUM would be better
- Missing created_at/updated_at audit columns
- Inconsistent naming (camelCase mixed with snake_case)
- No CHECK constraints for business rules

## Advanced Considerations

### When to Suggest Materialized Views
- Complex aggregations queried frequently
- Reporting dashboards with expensive joins
- Data that doesn't need real-time updates

### When to Suggest Partitioning
- Tables with millions of rows
- Time-series data (partition by date)
- Clear partitioning key (user_id, date, region)

### When to Suggest JSONB
- Flexible schema requirements
- Key-value metadata
- But not for searchable/filterable fields

### When to Question Design
- More than 50 columns in a table
- Many nullable foreign keys
- Circular dependencies between tables
- Overly generic table names (data, items, records)