Supabase MCP safe setup for Cursor and Claude Code

MCP safe setup

Use project_ref scoping, read_only=true, minimum features, manual approval, and no committed access tokens.

Copy in one click

Supabase MCP safe setup guidance:

Example read-only MCP URL:
https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs

Use these guardrails:
1. Scope the connection to a specific project_ref, not broad account access.
2. Use read_only=true where possible.
3. Limit feature groups to the minimum needed, such as database and docs.
4. Do not connect production data during development.
5. Keep manual approval enabled in Cursor, Claude Code, Lovable, Bolt, or any MCP client.
6. Do not commit PATs, access tokens, or MCP config containing secrets.
7. Do not use MCP with sensitive user-submitted content unless you review the resulting tool calls.

Launch Safety Pack

Early-access pack with 15 bundles: AI repair prompts, test scripts, policy templates, MCP guards, and more.

Supabase MCP safe setup guidance: Example read-only MCP URL: https://mcp.supabase.com/mcp?project_ref=YOUR_PROJECT_REF&read_only=true&features=database,docs Use these guardrails: 1. Scope the connection to a specific project_ref, not broad account access. 2. Use read_only=true where possible. 3. Limit feature groups to the minimum needed, such as database and docs. 4. Do not connect production data during development. 5. Keep manual approval enabled in Cursor, Claude Code, Lovable, Bolt, or any MCP client. 6. Do not commit PATs, access tokens, or MCP config containing secrets. 7. Do not use MCP with sensitive user-submitted content unless you review the resulting tool calls.