What it does
Supabase MCP goes beyond raw SQL access. Because Supabase wraps Postgres with a full backend-as-a-service layer — authentication, storage, real-time, edge functions — this MCP server exposes all of those layers to Claude, not just the database tables.
This means Claude can help with tasks like auditing your Row Level Security policies, checking which users are in a specific auth role, listing files in a storage bucket, or invoking an edge function to test its response — all in a single conversation without switching to the Supabase dashboard.
- Query any table using the Supabase PostgREST API
- Insert, update, and delete rows
- List and inspect auth users and their metadata
- Invoke Supabase Edge Functions with custom payloads
- List storage buckets and their contents
- Inspect the database schema and RLS policies
How to connect
Find your project URL and service role key in the Supabase dashboard under Settings → API. Use the service_role key (not the anon key) for full access:
export SUPABASE_URL="https://abcdefgh.supabase.co" export SUPABASE_KEY="eyJhbGciOiJIUzI1NiIs..." # service_role key claude mcp add supabase -- npx -y supabase-mcp
Available tools
query_table— fetch rows from a table with filtersinsert_row— insert a new record into a tableupdate_row— update a row matching a filterdelete_row— delete rows matching a filterinvoke_function— call a Supabase Edge Functionlist_buckets— list all storage bucketslist_users— list auth users with metadataget_schema— return the full database schema
Example usage
Ask Claude to audit your auth setup or inspect data anomalies:
# User prompt
List all users who signed up in the last 7 days
but have never created a project. Show their
email and created_at date.
list_users({ created_after: "2026-05-22" }) → returns 41 users query_table("projects", { select: "user_id" }) → returns user_ids with projects → Claude computes set difference → returns 18 users with no projects
Key type matters: Use the service_role key for MCP access — it bypasses Row Level Security, giving Claude full table access. Never use this key in client-side code. The anon key is subject to RLS policies and may not have sufficient permissions.