supabase-mcp-server
by mcp-use
Overview
This server provides interactive tools and React widgets for exploring and querying your Supabase database and viewing its service status.
Installation
yarn start
Environment Variables
- ACCESS_TOKEN
- CSP_URLS
- MCP_USE_OAUTH_SUPABASE_PROJECT_ID
Security Notes
The server uses `process.env.ACCESS_TOKEN` for Supabase authentication, which is good practice. However, the `SupabaseStatusWidget` uses `dangerouslySetInnerHTML` to render descriptions from an external RSS feed (`https://status.supabase.com/history.rss`). This is a critical Cross-Site Scripting (XSS) vulnerability if the RSS feed content can be manipulated by an attacker, potentially allowing arbitrary script execution within the widget. While `CSP_URLS` is configured for widget loading, `dangerouslySetInnerHTML` needs explicit sanitization of the content itself to prevent injection risks.
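One way to remove the raw HTML sink described above, as an added example that is not the project's own code: reduce the feed description to plain text and render it as a React text child. The helper names, the JSX shape in the comment, and the sample description are assumptions constructed for illustration.

```javascript
// Added example, not code from supabase-mcp-server. Names are hypothetical.
// The RSS <description> is untrusted input: reduce it to plain text and let
// React render it as a text child instead of using dangerouslySetInnerHTML.

const NAMED_ENTITIES = new Map(Object.entries({
  amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", nbsp: " ",
}));

// Decode numeric and a few named character references in a single pass,
// so "&amp;lt;" becomes the text "&lt;" and is not decoded twice.
function decodeEntities(text) {
  return text.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === "#") {
      const isHex = body[1].toLowerCase() === "x";
      const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
      return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : "";
    }
    const named = NAMED_ENTITIES.get(body.toLowerCase());
    return named !== undefined ? named : match;
  });
}

// Returns plain text only. The result may contain literal "<" characters
// (from decoded entities), so it must be rendered as text, never as HTML.
function rssDescriptionToText(html, maxLength = 2000) {
  const text = String(html ?? "")
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, " ") // element bodies that are never prose
    .replace(/<\/?(p|br|li|div|h[1-6])\b[^>]*>/gi, "\n")        // keep paragraph breaks
    .replace(/<[^>]*>/g, "");                                    // drop every remaining tag
  return decodeEntities(text)
    .replace(/[ \t]+/g, " ")
    .replace(/ ?\n[ \n]*/g, "\n")
    .trim()
    .slice(0, maxLength);
}

// Constructed sample of a feed description carrying markup and script.
const constructedDescription =
  '<p><strong>Resolved</strong> - Issue fixed.</p>' +
  '<img src=x onerror="alert(1)"><script>alert(2)</script>' +
  '<p>Details &amp; timeline: &lt;b&gt;see status page&lt;/b&gt;</p>';

// In the widget (assumed JSX shape):
//   before: <div dangerouslySetInnerHTML={{ __html: item.description }} />
//   after:  <div style={{ whiteSpace: "pre-line" }}>
//             {rssDescriptionToText(item.description)}
//           </div>
```

If the widget has to keep the feed's formatting, the alternative is to pass the description through a maintained HTML sanitizer such as DOMPurify before it reaches `dangerouslySetInnerHTML`.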
Similar Servers
vcon-mcp
The vCon MCP Server stores, manages, and provides advanced search and AI/ML analysis capabilities for IETF vCon (Virtual Conversation) objects, supporting multi-tenancy and extensibility via plugins.
mcp-chat-client
A modern chat client that integrates with Model Context Protocol (MCP) servers to provide AI-powered conversations with access to various tools and resources.
mcp-server-generator
Generate Model Context Protocol (MCP) servers from database datasources for integration with AI agents, using a visual canvas interface for tool creation and management.
mcp-proxy-saas
An API gateway/proxy for Model Context Protocol (MCP) servers, providing authentication, security, and logging for multi-tenant applications.