github not yet analyzed

Supabase

Search the Supabase docs for up-to-date guidance and troubleshoot errors quickly. Manage organizations, projects, databases, and Edge Functions, including migrations, SQL, logs, advisors, keys, and type generation, in one flow. Create and manage development branches to iterate safely, confirm costs up front, and merge changes to production with confidence.

maintainer: Supabase
license:
first seen: 2026-05-22
last seen: 2026-06-11
releases · 30d: 0
short id:
risk 57/100 · heuristic grade: C elevated

Source not yet analyzed — this grade rests on attested signals (CVEs, supply-chain) only. It is a floor: reading the code could raise it, not lower it.

  • capability exposure · inferred · +35
  • recent drift · inferred · +5
  • tool safety · inferred · +25
  • trust mitigators · mixed · −8

The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.

capability exposure · grade factor +35
Inferred surface — each links to servers holding it:
vulnerabilities · 0 CVEs

No known CVEs for this server.

tool safety · 5 findings · grade factor +25
  1. high · exfiltration combo · search_docs

    single tool reads + sends: net, secrets, db

  2. high · exfiltration combo · deploy_edge_function

    single tool reads + sends: fs, net

  3. high · toxic flow (lethal trifecta) · get_advisors

    single tool reads private data, ingests untrusted content, and reaches the network: net, db

  4. medium · purpose mismatch · search_docs

    benign-looking name carries secrets

  5. low · exfiltration combo · get_advisors

    single tool reads + sends: net, db

other grade factors evidence elsewhere

Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of Supabase.