supabase-security-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| SUPABASE_ACCESS_TOKEN | Yes | Your Supabase personal access token (sbp_...). Get one at https://supabase.com/dashboard/account/tokens | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": true } |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| audit_project | Scan a Supabase project for security issues: RLS gaps, exposed SECURITY DEFINER functions, public buckets, default-privilege leaks, and unsafe auth config. Returns findings JSON. Caches result for use by apply_fix tools. |
| list_findings | List findings from the last audit of a project, optionally filtered by severity. Use after audit_project to inspect specific issues. |
| preview_fix | Preview what a fix would change WITHOUT applying it. Wraps the fix SQL in BEGIN; ... ROLLBACK; and returns what would have happened. Safe to call for any finding. |
| apply_fix | ACTUALLY APPLY a fix SQL to the project. Requires confirm=true. Always run preview_fix first. Re-runs audit afterward to verify the finding is gone. |
| apply_all_fixes | Bulk-apply all SQL fixes from last audit, optionally filtered by severity. Wraps everything in a single transaction — if any statement fails, everything rolls back. Always preview the count and list before confirming. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Perufitlife/supabase-security-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server.