Supabase MCP Server (Official)

MCP server for Supabase — gives agents full access to manage Supabase projects including Postgres databases, tables, RLS policies, Edge Functions, Storage buckets, and project settings via the Supabase Management API.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Databases supabase mcp postgres baas auth storage realtime edge-functions
⚙ Agent Friendliness
81
/ 100
Can an agent use this?
🔒 Security
85
/ 100
Is it safe for agents?
⚡ Reliability
84
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
82
Documentation
85
Error Messages
80
Auth Simplicity
78
Rate Limits
75

🔒 Security

TLS Enforcement
100
Auth Strength
82
Scope Granularity
78
Dep. Hygiene
85
Secret Handling
82

RLS is Supabase's core security model — use it. Service Role Key bypasses RLS entirely — critical to restrict agent access. SOC2 Type II, HIPAA BAA available. Postgres connection string contains credentials — treat as highly sensitive. Network restrictions available on Pro plan.

⚡ Reliability

Uptime/SLA
88
Version Stability
85
Breaking Changes
82
Error Recovery
80
AF Security Reliability

Best When

Your agent needs to manage a Supabase backend — provisioning tables, managing auth, deploying edge functions. The official MCP server provides comprehensive project management capabilities.

Avoid When

You just need to query data — use mcp-server-postgres against Supabase's Postgres connection string instead. The management MCP has broader privileges than needed for read-only data access.

Use Cases

  • Agents creating and managing database schemas on Supabase Postgres
  • Managing Row Level Security policies for access control
  • Deploying and invoking Supabase Edge Functions from agent workflows
  • Uploading and managing files in Supabase Storage
  • Querying database contents and managing auth users

Not For

  • High-frequency real-time data (use Supabase's Realtime channels, not MCP)
  • Direct database connections at scale (use connection pooling via pgBouncer)
  • Production schema migrations without safeguards (agents can drop tables)

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
No

Authentication

Methods: api_key
OAuth: No Scopes: No

Supabase Personal Access Token (PAT) or Service Role Key. PAT for management API (project creation, schema management). Service Role Key for bypassing RLS in data operations. Use anon key for user-scoped data access with RLS.

Pricing

Model: freemium
Free tier: Yes
Requires CC: No

Generous free tier for development. Free tier pauses after 1 week of inactivity. Pro plan includes point-in-time recovery. Compute add-ons for production scale.

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • Service Role Key bypasses ALL Row Level Security — agents using this key have unrestricted DB access
  • Free tier project pausing can catch agents off-guard — must resume before operations work
  • Schema changes via MCP affect production immediately — no staging/preview built into the MCP server
  • Supabase Postgres connection string has connection limits — high-concurrency agents need pooler URL
  • Edge Functions have cold start latency — first invocation after idle period can take 1-2 seconds
  • MCP server is community-maintained (supabase-community), not official Supabase engineering

Alternatives

mcp-server-postgres supabase-api neon-api firebase-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Supabase MCP Server (Official).

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5227
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered