ToolTrust
C40/100
Smithery

node2flow-supabase

mcpsmithery

@Smithery

MCP server for Supabase — 31 tools for database CRUD, storage, auth admin, project management, edge functions, and secrets via REST + Management APIs. ## Features - Database CRUD with PostgREST filtering, resource embedding (JOINs), and RPC - Storage bucket and object management with signed URLs - Auth admin for user creation, updates, bans, and deletion - Project lifecycle management (create, pause, restore) - Execute SQL queries and generate TypeScript types - Edge function inspection and secret/API key management ## 31 Tools - **Database REST (6):** sb_list_records, sb_insert_records, sb_update_records, sb_upsert_records, sb_delete_records, sb_call_function - **Storage (6):** sb_list_buckets, sb_create_bucket, sb_delete_bucket, sb_list_objects, sb_delete_objects, sb_create_signed_url - **Auth Admin (5):** sb_list_users, sb_get_user, sb_create_user, sb_update_user, sb_delete_user - **Projects (5):** sb_list_projects, sb_get_project, sb_create_project, sb_pause_project, sb_restore_project - **Database Management (3):** sb_run_query, sb_list_migrations, sb_get_typescript_types - **Edge Functions (2):** sb_list_functions, sb_get_function - **Secrets & Keys (4):** sb_list_secrets, sb_create_secrets, sb_delete_secrets, sb_list_api_keys ## Configuration - `SUPABASE_URL` — Project URL (e.g. `https://xxx.supabase.co`) — for database, storage, auth tools - `SUPABASE_SERVICE_ROLE_KEY` — Service role key (bypasses RLS) — from Settings → API - `SUPABASE_ACCESS_TOKEN` — Personal access token — for project management tools (from dashboard → Account → Access Tokens)

By Smithery | 74 findings | Scanned 4/19/2026 | tooltrust-scanner/v0.3.8

8 High25 Medium10 Low31 Info

Risk Summary

Needs Approval

Excessive Permissions plus Dep Visibility raises enough risk that this tool should not be auto-trusted.

Potential impact: The agent may gain overly broad access to files, network, databases, or execution capabilities.

Recommended action: Keep this tool behind manual approval and avoid unattended runs until the risky capabilities are narrowed or removed.

Suggested policy: keep this tool behind manual approval, do not allow unattended runs, and re-scan after narrowing risky permissions.

Security Findings (74)

  • HighAS-002

    ⚠️Excessive Permissions ×5

    tool declares network permission

    sb_create_signed_urlsb_get_projectsb_run_querysb_list_api_keys

    tool declares exec permission

    sb_run_query

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • HighAS-010

    🔑Insecure Secret Handling ×3

    input parameter "password" appears to accept a secret or credential

    sb_create_usersb_update_user

    input parameter "secrets" appears to accept a secret or credential

    sb_create_secrets

    Fix: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.

  • MediumAS-002

    ⚠️Excessive Permissions ×25

    tool declares fs permission

    sb_update_recordssb_delete_recordssb_create_bucketsb_delete_bucketsb_list_objectssb_delete_objectssb_create_signed_urlsb_create_usersb_update_usersb_delete_usersb_create_projectsb_create_secretssb_delete_secrets

    tool declares db permission

    sb_call_functionsb_list_projectssb_get_projectsb_create_projectsb_pause_projectsb_restore_projectsb_run_querysb_list_migrationssb_get_typescript_types

    tool declares env permission

    sb_list_secretssb_create_secretssb_delete_secrets

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • LowAS-002

    ⚠️Excessive Permissions ×3

    tool declares http permission

    sb_list_recordssb_call_functionsb_restore_project

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • LowAS-011

    ℹ️Missing Rate-Limit / Timeout ×7

    tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

    sb_list_recordssb_call_functionsb_create_signed_urlsb_get_projectsb_restore_projectsb_run_querysb_list_api_keys

    Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

  • InfoAS-014

    ℹ️Dependency Inventory Unavailable ×31

    Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

    sb_list_recordssb_insert_recordssb_update_recordssb_upsert_recordssb_delete_recordssb_call_functionsb_list_bucketssb_create_bucketsb_delete_bucketsb_list_objectssb_delete_objectssb_create_signed_urlsb_list_userssb_get_usersb_create_usersb_update_usersb_delete_usersb_list_projectssb_get_projectsb_create_projectsb_pause_projectsb_restore_projectsb_run_querysb_list_migrationssb_get_typescript_typessb_list_functionssb_get_functionsb_list_secretssb_create_secretssb_delete_secretssb_list_api_keys

    Fix: Review and remediate the identified issue.

Scan this tool yourself

Reproduce this audit locally, integrate into CI, or let your agent audit its own tools.

Install once, then scan any MCP server:

$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
$ tooltrust-scanner scan --server "npx -y node2flow-supabase"

Adjust the package name if your npm registry name differs from the tool ID. View source

Add badge to your README

Copy this Markdown to show your ToolTrust grade on GitHub.

[![ToolTrust Grade C](https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-directory/main/docs/badges/grade-c.svg)](https://github.com/AgentSafe-AI/tooltrust-directory)