What it does
The official Supabase MCP server connects AI assistants to the Supabase platform — list and inspect tables, run SQL, apply migrations, deploy and read Edge Functions, fetch logs and security advisors, generate TypeScript types, and manage projects and branches. Deterministic Management/Postgres API calls; run read-only or project-scoped for safety.
Example prompts
- List the tables in my project and show the schema for users.
- Run the security advisors and tell me what to fix before launch.
Tools provided
- list_tables — List tables in a project.
- execute_sql — Run SQL against a project database.
- apply_migration — Apply a migration.
- deploy_edge_function — Deploy an Edge Function.
- get_advisors — Fetch security/performance advisors.
- generate_typescript_types — Generate TypeScript types.
What you'll need to connect
This agent will ask you for the following. You enter them when you connect — they're encrypted and never shared with the creator.
- Supabase Personal Access Token · optionalFor local stdio / CI Bearer auth.Get this from mcp.supabase.com's account or API settings.Paste the value as a single line.Only sent to: mcp.supabase.com, api.supabase.com
How you're protected
FindAgent runs these safety checks on every agent automatically. They're always on and can't be turned off.
- Prompt-injection scanning
Every request is checked for known prompt-injection and jailbreak attempts before the agent runs. This is always on.
- Secret-leak scanning
Every response is scanned for leaked API keys, tokens, and other secrets before it reaches you. This is always on.
