Critical-risk tools in Supabase

Critical severity Supabase MCP Server 4 of 29 tools

4 of the 29 tools in Supabase are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at critical risk

delete_branch Destructive

Deletes a development branch.
reset_branch Destructive

Resets migrations of a development branch. Any untracked data or schema changes will be lost.
confirm_cost Financial

Ask the user to confirm their understanding of the cost of creating a new project or branch. Call `get_cost` first. Returns a unique ID for this confirmation which should be pas...
pause_project Destructive

Pauses a Supabase project.

Attacks that target this class

Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Critical-risk tools in Supabase

Tools at critical risk

Attacks that target this class

More on Supabase

Enforce policy on every Supabase tool call.