Supabase MCP Server (joshuarileydev)

Community MCP server for Supabase providing AI agents access to PostgreSQL queries, table management, and Supabase platform operations via the Supabase REST API.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Databases supabase postgres baas realtime storage auth mcp-server community
⚙ Agent Friendliness
74
/ 100
Can an agent use this?
🔒 Security
84
/ 100
Is it safe for agents?
⚡ Reliability
78
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
68
Documentation
80
Error Messages
72
Auth Simplicity
82
Rate Limits
68

🔒 Security

TLS Enforcement
100
Auth Strength
82
Scope Granularity
80
Dep. Hygiene
78
Secret Handling
80

Two-key model (anon + service role) with RLS is well-designed. Community MCP — note official Supabase MCP (supabase-mcp-server) may be better maintained. HTTPS enforced.

⚡ Reliability

Uptime/SLA
88
Version Stability
78
Breaking Changes
72
Error Recovery
72
AF Security Reliability

Best When

An agent needs to query or manage data in a Supabase-backed application — reading application state, writing records, or analyzing database contents.

Avoid When

You need real-time data streams or complex database schema migrations — this MCP is best for CRUD operations.

Use Cases

  • Running SQL queries against Supabase Postgres from agents
  • Managing Supabase tables and schema in agent workflows
  • Reading and writing application data via Supabase REST API
  • Accessing Supabase edge functions from agent orchestration
  • Managing row-level security policies via agent analysis

Not For

  • Real-time subscriptions (use Supabase client for WebSocket streams)
  • Supabase Auth user management beyond basic queries
  • Large file storage operations (use Supabase Storage API directly)

Interface

REST API
Yes
GraphQL
Yes
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
Yes

Authentication

Methods: api_key service_role_key anon_key
OAuth: No Scopes: Yes

Supabase uses anon key (respects RLS) and service_role key (bypasses RLS). Service role key grants full database access — use anon key + RLS for safer agent access. JWT-based auth.

Pricing

Model: freemium
Free tier: Yes
Requires CC: No

Generous free tier for development. Pro plan required for production with backups and higher limits.

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Service role key bypasses Row Level Security — agents using it have full DB access; use anon key + RLS instead
  • Community MCP (not official Supabase) — Supabase has since released an official MCP (supabase-mcp-server)
  • PostgREST query syntax is not standard SQL — agents must use filter syntax, not raw SQL
  • Free tier has aggressive connection pooling limits (10 connections)
  • RLS policies must be carefully designed before giving agents access to apply them correctly
  • Rate limits on free tier (2,000 req/hour) can be hit quickly in agent loops

Alternatives

postgres-mcp neon-postgres mcp-server-postgres

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Supabase MCP Server (joshuarileydev).

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5208
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered