Does it need a Supabase access token?

Yes. Create a Personal Access Token at supabase.com/dashboard/account/tokens and set it as `SUPABASE_ACCESS_TOKEN`. Scope the token to a single project when possible — the agent only needs the projects it operates on.

Can it run migrations?

Yes. It exposes `apply_migration`, `list_migrations`, and can inspect the current schema. Migrations go through Supabase's tracked migration system, so they are versioned rather than raw SQL against the DB.

Does it cover Auth, Storage, and Edge Functions or just the database?

All of them. The server includes tools for Auth (users, policies), Storage (buckets, signed URLs), Edge Functions (deploy, list, logs), and Realtime channel config — not only SQL. That is what makes it distinct from the plain Postgres MCP.

Is it safe to point at a production project?

Treat it like prod DB access. The access token can delete tables. For agent use, create a dedicated Supabase project for dev/staging and only hook the MCP to that one; keep production manual.

What is the difference between this and the Postgres MCP?

The Postgres MCP is read-only SQL over any Postgres. The Supabase MCP is Supabase-aware: it can run migrations, manage auth users, deploy edge functions, and manage storage buckets. Pick this one when you are working inside a Supabase project; pick Postgres when you want read-only SQL over any DB.

Supabase

Name: Top MCPs — curated MCP directory
Creator: Top MCPs
License: https://creativecommons.org/licenses/by/4.0/

Full Supabase access: database, auth, storage, and edge functions.

Score 74(?)SupabaseApache-2.0 2.6kVerified May 28, 2026Top MCPs for Databases →

Install View on GitHub

Quick answer

What it does

Connects to the Supabase Management API and database, enabling schema inspection, SQL queries, auth operations, and project management from AI context.

Best for

Supabase project management
Schema design and migrations
RLS policy creation
Edge Function development

Not for

Non-Supabase PostgreSQL databases
General-purpose SQL workflows

Setup recipe

Pick your client, then follow the three steps.

Install

claude_desktop_config.jsonjson

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "@supabase/mcp-server-supabase@latest"
      ],
      "env": {
        "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

Paste under mcpServers. Fully quit and reopen Claude after editing.

CLI or .mcp.jsonshell

# export SUPABASE_ACCESS_TOKEN=sbp_your_access_token
claude mcp add supabase -- npx @supabase/mcp-server-supabase@latest

Run from your repo. Commit .mcp.json to share with your team.

.cursor/mcp.jsonjson

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "@supabase/mcp-server-supabase@latest"
      ],
      "env": {
        "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

Global path: ~/.cursor/mcp.json. Reload window after editing.

.vscode/mcp.jsonjsonc

{
  "servers": {
    "supabase": {
      "command": "npx",
      "args": [
        "@supabase/mcp-server-supabase@latest"
      ],
      "env": {
        "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

VS Code uses the "servers" key (not "mcpServers").

~/.codeium/windsurf/mcp_config.jsonjson

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "@supabase/mcp-server-supabase@latest"
      ],
      "env": {
        "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

Open via Cascade → hammer icon → Configure.

cline_mcp_settings.jsonjson

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "@supabase/mcp-server-supabase@latest"
      ],
      "env": {
        "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

Open via the Cline sidebar → MCP Servers → Edit.

~/.continue/config.jsonjson

{
  "experimental": {
    "modelContextProtocolServers": [
      {
        "transport": {
          "type": "stdio",
          "command": "npx",
          "args": [
            "@supabase/mcp-server-supabase@latest"
          ],
          "env": {
            "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
          }
        }
      }
    ]
  }
}

Continue uses modelContextProtocolServers with a transport block.

~/.codex/config.tomlshell

# ~/.codex/config.toml
[mcp_servers.supabase]
command = "npx"
args = [
  "@supabase/mcp-server-supabase@latest",
]
env = { SUPABASE_ACCESS_TOKEN = "${SUPABASE_ACCESS_TOKEN}" }

Codex uses TOML. Each server is a [mcp_servers.<name>] subtable.

~/.config/zed/settings.jsonjsonc

{
  "context_servers": {
    "supabase": {
      "command": {
        "path": "npx",
        "args": [
          "@supabase/mcp-server-supabase@latest"
        ]
      },
      "env": {
        "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}"
      }
    }
  }
}

Zed calls them "context_servers". Settings live-reload on save.

ChatGPT → Settings → Connectors (remote URL)json

{
  "name": "Supabase",
  "transport": "http",
  "url": "https://mcp.supabase.com/mcp"
}

Paste this into Settings → Connectors → Add custom connector. Requires ChatGPT Pro / Team / Enterprise / Edu with Developer mode enabled. ChatGPT supports remote HTTPS MCP servers only — stdio servers must be hosted on a public HTTPS endpoint first.

Open in ChatGPT directory

2
Set required secrets
Set SUPABASE_ACCESS_TOKEN in your shell environment before launching your MCP client.
3
Try a minimum working prompt
Audit every table in the public schema
Using the Supabase MCP, list every table in the `public` schema and show the row count for each. Flag any table that has grown by more than 20% in the last 30 days (based on `pg_stat_user_tables`).
Tested with: Claude Desktop, Cursor.

Tools & permissions

Tools list pending verification. The server exposes tools over MCP; we haven’t yet parsed its capability manifest into this page. Check the GitHub repo for the authoritative list.

Security & scope

Access scope: Read + write
Sandbox: Authenticates to Supabase using a personal access token or service-role key in env. The token scope determines what the agent can do across database, auth, storage, and edge-function APIs.
Gotchas: A service-role key bypasses row-level security — prefer a scoped personal access token for agent use where possible.
Destructive operations (drop table, delete rows) are available whenever the token permits them; there is no MCP-level read-only mode.

Agent prompt pack

— copy into Claude, Cursor, or ChatGPT.

Paste into Claude, Cursor, or ChatGPT. Edit the [brackets] before sending.

Recommend the best MCP servers for [task: e.g. databases work] in [client: Claude].

Constraints:
- Prefer tools that are [official | open-source | read-only] — pick what matters for my use case.
- Exclude MCPs that require [e.g. a paid plan, OAuth-only flows, remote-only transport].
- Return at most 3 picks, ranked.

For each pick include:
1. One-sentence rationale.
2. The ready-to-paste install snippet for my client.
3. Any required secrets I need to create before installing.

Cross-check the top-mcps.com listing: https://top-mcps.com/top-mcps-for-databases

Compare Supabase against a real alternative. Swap the second MCP in [brackets] if you want a different match.

Compare Supabase MCP vs [Postgres MCP Pro MCP] for the following job: [describe the job, e.g. "let an agent create GitHub issues on bug triage"].

Judge them on:
- Setup time and complexity (what a new user hits first).
- Auth model (none / API key / OAuth 2.1) and credential risk.
- Transport (stdio / Streamable HTTP / SSE) and where the server runs.
- Required secrets and the blast radius if they leak.
- Operational risk in an unattended agent loop.
- Which one is "good enough" for a weekend prototype vs. production.

End with one sentence: which should I pick for my scenario, which is: [my scenario].

References:
- https://top-mcps.com/mcp/supabase
- top-mcps.com listing for Postgres MCP Pro

Asks the agent to install and verify. Works inside Claude Code, Cursor Agent, Codex CLI.

Install the Supabase MCP server for my [client: Claude] at the default config path for that client.

Use the exact install snippet published at https://top-mcps.com/mcp/supabase (fetch https://top-mcps.com/mcp/supabase.json for the canonical server.json if you can read URLs).

Before finishing:
1. Create the required secrets (SUPABASE_ACCESS_TOKEN) and put them in the appropriate env block — do not hard-code them.
2. Restart or reload the client so it picks up the new server.
3. Verify the server is connected (green / running state) and at least one tool is listed.
4. If anything fails, read the client's MCP logs and report the exact error — do not silently retry.

Confirm when done and list the tools the server now exposes.

Frequently asked questions

What changed

— 2 updates tracked.

May 28, 2026
Refreshed install snippets and fact sheet; verified for 2026.
Feb 1, 2025
Initial directory listing.

More Databases MCPs

Other tools in the same category worth evaluating.

Postgres MCP Pro

Production-grade Postgres MCP with index advice, EXPLAIN, and health checks.

databasesqlpostgresperformance

5 minMedium

SQLite

Local SQLite database access with full read/write support.

databasesqlitelocalstorage

2 minLow

MongoDB

Official

Query and inspect MongoDB collections from Claude, Cursor, and VS Code.

databasenosqlmongodbatlas

5 minLow

Compared with Supabase

Side-by-side breakdowns for the choices people most often weigh against this MCP.

SupabasevsPostgres MCP Pro SupabasevsSQLite SupabasevsPostgreSQL (archived)SupabasevsAWS

Exploring Top MCPs for Databases? See all Databases MCPs →