← Back to Claude Tool Reviews

Supabase MCP

Connector Infrastructure Usable

Official Supabase MCP server enabling Claude to manage projects, query databases, manage auth, Edge Functions, and storage. Configurable read-only and project-scoped modes. 2.6K stars.

2,581 starsApache-2.0 (commercial OK)FreemiumNo code needed
Official tool maintained by Supabase.
Reviewed 2026/03 ·
Fair rating — This tool is functional but has notable gaps. Review the evaluation notes below before deploying.
Why it matters

Supabase is rapidly becoming the default backend-as-a-service for modern web applications. AI-assisted database management and schema exploration accelerates development — and read-only mode makes this defensible for enterprise.

Best for

Development teams using Supabase who want schema introspection, query assistance, and project management in their AI workflow.

Works in
Claude Code Claude Cowork Claude Chat
Source

https://www.npmjs.com/package/@supabase/mcp-server-supabase

By Supabase

How to Get It

Option 1: Claude Desktop AppOpen the Customize panel in the sidebar → browse connectors → search and add. Works in Claude Code, Claude Cowork, and Claude Chat.
Option 2: Paste into Claude CodeCopy the command below and paste it into a Claude Code conversation. Claude will run it for you.
Instructions to paste into Claude 
npx -y @supabase/mcp-server-supabase --access-token YOUR_TOKEN

Replace YOUR_TOKEN with your Supabase access token. You can find this in your Supabase dashboard under Settings → API.
PrerequisitesSupabase account with personal or project-scoped access tokenTime to functional15 minutesCostFreemium — Free tier available; $25/month pro

Trust Signals Source Reviewed

Stars2,581Contributors14Last updated2026-03-26LicenseApache-2.0 (OK for commercial use)Weekly downloads41,705Known CVEsNone found

Data & Access

Data processingPrompts sent to Anthropic API. Enterprise/Team plans exclude training.Connects toSupabase servers (official integration)

Community Pulse Active

Discussed on Reddit

9 mentions across 1 sources

Reviewer notes

Source Reviewed review. These are observations, not a security certification.

v0.7.0, 283K monthly downloads, 172 stars. Supports read_only mode and project_ref scoping — significantly reduce risk when configured. Default mode has full read/write/schema access. Apache 2.0 license. Good test coverage (vitest, msw). Pre-1.0 with expected breaking changes.

Without read_only=true and project_ref scoping, MCP has full access to all Supabase projects. With both options, risk drops significantly. CRITICAL: always configure read_only and project_ref for production use. Dependencies: graphql, openapi-fetch, gqlmin. supabase-community org (staffed by Supabase employees). RESTRICTED: Full database read/write/schema access by default. Requires compensating controls (sandboxing, separate accounts, restricted profiles) before team deployment.

2026-04-02: LIMITATION: Without explicitly setting read_only=true and project_ref scoping, the MCP has full access to ALL Supabase projects in the account. Default configuration is dangerously broad.

How to evaluate tools before deploying →

Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.

Evaluation Scores

Evaluation

Ease of Use
3/5
Versatility
3/5
Reliability
4/5
Security
3/5
Overall score3.25 / 5.00 UsableEvaluatedMar 2026
v0.7.0, 283K monthly downloads, 172 stars. Supports read_only mode and project_ref scoping — significantly reduce risk when configured. Default mode has full read/write/schema access. Apache 2.0 license. Good test coverage (vitest, msw). Pre-1.0 with expected breaking changes.

← Back to Claude Tool Reviews