Last updated: Dec 22, 2025

This is the second in a series of deep-dive reviews examining popular Postgres MCP servers. We're reviewing Supabase MCP Server, an MCP server that gives AI assistants direct access to Supabase projects for database operations, schema changes, and project configuration.
  • GitHub Stars: (star history chart)
  • License: Apache-2.0
  • Language: TypeScript

Installation

Supabase MCP is available in both hosted and self-hosted versions. Most users run the hosted one, so that is what I tested for this review.
Installation is straightforward: follow the official instructions to add the MCP server. On first connection, Claude Code prompted me to authenticate to my Supabase account via OAuth.
  Supabase MCP Server

  Status: needs authentication
  URL: https://mcp.supabase.com/mcp
  Config location: /Users/tianzhou/.claude.json [project: /Users/tianzhou/Desktop/dbhub]

  1. Authenticate
  2. Disable
Once authenticated, I received an email confirming the OAuth app addition.

Tools

Supabase MCP provides 29 tools in its default configuration, organized into feature groups. These tools are a wrapper around the Supabase Management API: each MCP tool call is translated into the corresponding API endpoint. For example:

| Group | Key Tools | Purpose |
|---|---|---|
| Account | list_projects, create_project, get_cost, confirm_cost | Project and organization management, cost calculation |
| Database | list_tables, execute_sql, apply_migration | Schema inspection, SQL execution, migrations |
| Debugging | get_logs, get_advisors | Service logs, advisory security notices |
| Development | generate_typescript_types, API configuration | Type generation, API key retrieval |
| Edge Functions | Function deployment and management | Serverless function operations |
| Branching | Development branch operations | Testing changes before production (paid plans) |
| Docs | search_docs | Supabase documentation search |
| Storage (disabled) | File storage operations | Object storage management (enable with features=storage) |

Token Efficiency

Loading All Tools

The default configuration loads all 29 tools across all feature groups:

  Tools for supabase (29 tools)

  1.  Search docs                  read-only
  2.  List organizations           read-only
  3.  Get organization details     read-only
  4.  List projects                read-only
  5.  Get project details          read-only
The token cost is 19.3k tokens:
> /context
  
      Context Usage
   claude-sonnet-4-5-20250929 · 87k/200k tokens (43%)

 System prompt: 2.6k tokens (1.3%)
 System tools: 15.9k tokens (7.9%)
 MCP tools: 19.3k tokens (9.6%)
 Custom agents: 247 tokens (0.1%)
 Memory files: 2.4k tokens (1.2%)
 Messages: 1.3k tokens (0.6%)
 Free space: 113k (56.6%)
 Autocompact buffer: 45.0k tokens (22.5%)

Selecting Specific Feature Groups

A more efficient approach is to specify only the feature groups you need. For example, if you only need database operations and documentation search:
https://mcp.supabase.com/mcp?features=database,docs
This configuration loads just 6 tools and reduces token usage to 4.2k tokens—a 4.6x reduction:
> /context
  
      Context Usage
   claude-sonnet-4-5-20250929 · 72k/200k tokens (36%)

 System prompt: 2.7k tokens (1.3%)
 System tools: 15.9k tokens (7.9%)
 MCP tools: 4.2k tokens (2.1%)
 Custom agents: 247 tokens (0.1%)
 Memory files: 2.4k tokens (1.2%)
 Messages: 1.3k tokens (0.6%)
 Free space: 128k (64.1%)
 Autocompact buffer: 45.0k tokens (22.5%)

     MCP tools · /mcp
 mcp__supabase__search_docs (supabase): 1.1k tokens
 mcp__supabase__list_tables (supabase): 640 tokens
 mcp__supabase__list_extensions (supabase): 596 tokens
 mcp__supabase__list_migrations (supabase): 596 tokens
 mcp__supabase__apply_migration (supabase): 668 tokens
 mcp__supabase__execute_sql (supabase): 657 tokens

Security

Database MCP servers face a fundamental challenge: LLMs cannot distinguish between instructions and data. In July 2025, security researchers demonstrated this against Supabase MCP with a prompt-injection attack that fits what Simon Willison calls the "lethal trifecta": an agent with access to private data, exposure to untrusted content, and a channel to send data out. Instructions hidden in user-submitted rows were followed by the assistant, which was running with the developer's database privileges, so it read sensitive tables and wrote their contents where the attacker could retrieve them. The weakness is not specific to Supabase; it affects every database MCP server, and there is no complete solution today.

Supabase has implemented several mitigations and features security best practices prominently in its documentation. The key configuration options are all query parameters on the server URL:

Project Scoping restricts operations to a single project:
"url": "https://mcp.supabase.com/mcp?project_ref=your_dev_project"

Read-Only Mode blocks destructive operations by executing SQL as a dedicated supabase_read_only_user, rather than by filtering the query text:
"url": "https://mcp.supabase.com/mcp?read_only=true"

Feature Group Restrictions reduce attack surface by limiting the tools that are loaded:
"url": "https://mcp.supabase.com/mcp?features=database,docs"

Be clear about what these do and do not cover. Read-only mode limits the blast radius to disclosure: an injected instruction can no longer drop a table, but it can still read sensitive rows and echo them back into the conversation. Project scoping confines that disclosure to one project, which is why the documentation's example points the server at a development project rather than production.
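The three guardrails above are easy to leave off, since the default URL works without any of them. The following is an added example (not Supabase's or Claude Code's own code) that audits the Supabase MCP entries in an MCP client config for project_ref, read_only=true and a features filter. The sample config is constructed for the example, and the "mcpServers" -> name -> { type, url } layout is an assumption about the client's file format.

```typescript
// Added example, not code from Supabase or Claude Code: audit the Supabase MCP
// entries in an MCP client config for the three guardrails the review lists
// (project_ref, read_only=true, a features filter). The config below is
// constructed for this example, and the "mcpServers" -> name -> { type, url }
// layout is an assumption about the client's file format.

type McpServerEntry = { type?: string; url?: string };
type McpConfig = { mcpServers?: Record<string, McpServerEntry> };

export type Guardrail = "project_ref" | "read_only" | "features";

export interface Finding {
  server: string;
  guardrail: Guardrail;
  message: string;
}

const SUPABASE_MCP_HOST = "mcp.supabase.com";

// stdio servers have a command instead of a URL; treat anything unparsable as "nothing to audit".
function tryParseUrl(raw: string): URL | null {
  try {
    return new URL(raw);
  } catch {
    return null;
  }
}

// Inspect one server URL. Only hosted Supabase MCP URLs are audited; anything
// else returns no findings so the audit can run over a whole config file.
export function auditSupabaseMcpUrl(server: string, rawUrl: string): Finding[] {
  const findings: Finding[] = [];
  const url = tryParseUrl(rawUrl);
  if (!url || url.hostname !== SUPABASE_MCP_HOST) return findings;
  const p = url.searchParams;

  if (!p.get("project_ref")) {
    findings.push({ server, guardrail: "project_ref",
      message: "no project_ref: the assistant can reach every project the OAuth grant covers" });
  }
  if (p.get("read_only") !== "true") {
    findings.push({ server, guardrail: "read_only",
      message: "read_only is not true: execute_sql runs with write privileges" });
  }
  if (!p.get("features")) {
    findings.push({ server, guardrail: "features",
      message: "no features filter: every feature group (29 tools by default) is exposed" });
  }
  return findings;
}

// Walk every server in the config and collect findings.
export function auditConfig(configJson: string): Finding[] {
  const config = JSON.parse(configJson) as McpConfig;
  const findings: Finding[] = [];
  for (const [name, entry] of Object.entries(config.mcpServers ?? {})) {
    if (entry.url) findings.push(...auditSupabaseMcpUrl(name, entry.url));
  }
  return findings;
}

// Constructed sample config: the default entry, a hardened one, and an unrelated server.
export const SAMPLE_CONFIG = JSON.stringify({
  mcpServers: {
    supabase: { type: "http", url: "https://mcp.supabase.com/mcp" },
    "supabase-dev": {
      type: "http",
      url: "https://mcp.supabase.com/mcp?project_ref=your_dev_project&read_only=true&features=database,docs",
    },
    dbhub: { type: "http", url: "http://localhost:8080/mcp" },
  },
});

// Stand-alone run: print findings for the sample config.
for (const f of auditConfig(SAMPLE_CONFIG)) {
  console.log(`[${f.server}] ${f.guardrail}: ${f.message}`);
}
```

Run against the sample, the default "supabase" entry produces three findings and the hardened "supabase-dev" entry none; the unrelated local server is skipped. The check is deliberately literal (read_only must be exactly "true") because a value the server does not recognize falls back to its default, which is write access.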

Summary

Supabase MCP Server isn’t a general-purpose PostgreSQL MCP server—it’s a management interface specifically for Supabase projects. The hosted architecture, OAuth authentication, and Supabase-specific features (branching, Edge Functions) only work with Supabase, so this is for teams already using the platform.

The Good

  • Simple setup: Add one JSON configuration block and authenticate via OAuth 2.1 with automatic token refresh. No binary downloads, no local servers, no dependency management, no hardcoded credentials. Most database MCP servers still require manual credential management in config files.
  • Better security defaults: While prompt injection attacks affect all database MCP servers, Supabase implements more security guardrails than most. OAuth authentication with project scoping prevents cross-project access. Read-only mode uses a dedicated supabase_read_only_user (not just query filtering).
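The second point above, that read-only mode relies on a dedicated Postgres user rather than on query filtering, is worth seeing concretely. The following is an added example (not Supabase's code) showing why filtering SQL text is not a read-only control: a naive first-keyword filter and a stricter keyword filter are both run over a constructed set of statements that begin like reads but change state. refresh_customer_cache() is a hypothetical user-defined function with side effects; the tables and sequence names are invented for the example.

```typescript
// Added example, not Supabase's code: why a read-only mode has to be enforced
// by the database role rather than by filtering SQL text. All statements below
// are constructed for this example; refresh_customer_cache() is a hypothetical
// user-defined function that writes.

const READ_KEYWORDS = new Set(["SELECT", "WITH", "SHOW", "EXPLAIN"]);
const WRITE_TOKENS = new Set([
  "INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "CREATE", "TRUNCATE",
  "GRANT", "REVOKE", "INTO", "ANALYZE", "COPY", "VACUUM",
]);

export type SqlFilter = (sql: string) => boolean;

// Remove -- and /* */ comments so a leading comment cannot hide the verb.
function stripComments(sql: string): string {
  return sql.replace(/--.*$/gm, "").replace(/\/\*[\s\S]*?\*\//g, "").trim();
}

// Naive guard: classify by the first keyword only.
export const naiveIsReadOnly: SqlFilter = (sql) => {
  const first = stripComments(sql).split(/\s+/)[0] ?? "";
  return READ_KEYWORDS.has(first.toUpperCase());
};

// Stricter guard: also refuse statement batching and any write keyword anywhere.
export const strictIsReadOnly: SqlFilter = (sql) => {
  const s = stripComments(sql);
  if (!naiveIsReadOnly(s)) return false;
  if (s.includes(";")) return false;
  const tokens = s.toUpperCase().match(/[A-Z_]+/g) ?? [];
  return !tokens.some((t) => WRITE_TOKENS.has(t));
};

// Constructed corpus. Only the first two are harmless reads; every other
// statement begins like a read but changes state or ties up the server.
export const STATEMENTS: Record<string, string> = {
  plainRead: "SELECT id, email FROM customers WHERE id = 42",
  auditRead: "SELECT * FROM audit_log WHERE action = 'DELETE'",
  cteDelete: "WITH gone AS (DELETE FROM customers RETURNING id) SELECT count(*) FROM gone",
  selectInto: "SELECT * INTO exfil_copy FROM integration_tokens",
  explainAnalyze: "EXPLAIN ANALYZE DELETE FROM customers", // ANALYZE really executes the DELETE
  batch: "SELECT 1; DROP TABLE customers",
  sequenceWrite: "SELECT setval('orders_id_seq', 1)", // setval needs UPDATE on the sequence
  volatileFunction: "SELECT refresh_customer_cache()", // hypothetical function with side effects
  sleep: "SELECT pg_sleep(3600)", // with no timeout, one call holds a connection for an hour
};

// Names of the statements a filter lets through.
export function accepted(filter: SqlFilter): string[] {
  return Object.entries(STATEMENTS)
    .filter(([, sql]) => filter(sql))
    .map(([name]) => name);
}

console.log("naive filter accepts:", accepted(naiveIsReadOnly));
console.log("strict filter accepts:", accepted(strictIsReadOnly));
```

The naive filter accepts all nine statements. The stricter one rejects the CTE delete, SELECT INTO, EXPLAIN ANALYZE and the batched DROP, but still lets setval, the volatile function and pg_sleep through, and it wrongly rejects the legitimate audit_log query because the word DELETE appears inside a string literal. A Postgres role that simply lacks INSERT, UPDATE, DELETE and CREATE privileges (plus a statement_timeout set on that role for the pg_sleep case) closes all of these, because the database decides at execution time what a statement actually does instead of guessing from its text.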

The Bad

  • Supabase lock-in: Can’t connect to external PostgreSQL instances, other cloud providers, or on-premise databases. Your data must be in Supabase.
  • Feature group granularity: Token-conscious users may want to load individual tools rather than entire feature groups. features=database alone loads 5 tools (the 6-tool, 4.2k-token figure above includes search_docs from the docs group) when you might only need execute_sql.
  • Beta API and missing safeguards: Some of the Management API endpoints it depends on, such as execute_sql, are still tagged as beta and lack common safety parameters such as row limits and timeouts.

Should You Use It?

If you're already using Supabase: the MCP server is useful for AI-assisted schema design, migrations, and project management. The Supabase-specific features (branching, Edge Functions, TypeScript type generation) aren't available in generic servers. Follow the security best practices: set read_only=true, restrict to a specific project with project_ref, and limit feature groups to reduce attack surface.

If you're choosing a hosted Postgres provider: Supabase MCP is a differentiator worth considering, since it implements more security guardrails than most database MCP servers. Prompt injection remains unsolved industry-wide, so weigh the MCP integration together with its inherent risks and the platform lock-in when comparing Postgres providers.
Postgres MCP Server Review Series:
  1. MCP Toolbox for Databases - Google’s multi-database MCP server with 40+ data source support
  2. Supabase MCP Server (this article) - Hosted MCP server for Supabase projects
  3. More reviews coming soon…