Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Schema Guard

FreeNot checked

Audits PostgreSQL/Supabase schemas for security issues like missing RLS, permissive policies, and sensitive data exposure during AI conversations.

GitHubEmbed

About

Audits PostgreSQL/Supabase schemas for security issues like missing RLS, permissive policies, and sensitive data exposure during AI conversations.

README

A Model Context Protocol server that gives an AI agent (Claude Desktop, Claude Code, or any MCP client) tools to audit Postgres / Supabase SQL for security issues — mid-conversation, with structured results. Point it at a schema and it flags missing RLS, permissive policies, broad grants, SECURITY DEFINER search_path gaps, and secrets in client-readable tables.

Built to show MCP / agent tool-use, and tuned to the exact mistakes that no-code exports ship with.

Tools it exposes

Tool What it does
audit_sql Full audit of a SQL schema → ranked findings (severity, rule, line, fix) + verdict.
rls_coverage Quick per-table yes/no of whether RLS is enabled.
list_rules The checks it runs, with rationale.

Checks

RLS-001 table without RLS · RLS-002 RLS on but no policy · POL-001 USING (true) policy · GRANT-001 broad grant to anon/public · SECDEF-001 SECURITY DEFINER without pinned search_path · COL-001 sensitive column in a client-readable table.

Run the live demo

npm install
npm run demo    # spawns the server, does the MCP handshake, audits a sample schema
npm test        # 10 assertions on the audit engine

The demo is a real MCP client (@modelcontextprotocol/sdk) speaking to the server over stdio — the same handshake Claude performs. It finds 7 issues (2 critical) in fixtures/vulnerable-schema.sql and prints the fix for each.

Wire it into Claude

Claude Desktopclaude_desktop_config.json:

{
  "mcpServers": {
    "schema-guard": {
      "command": "node",
      "args": ["C:/path/to/35-schema-guard-mcp/src/server.js"]
    }
  }
}

Claude Code.mcp.json in your project:

{
  "mcpServers": {
    "schema-guard": { "command": "node", "args": ["./src/server.js"] }
  }
}

Then just ask Claude: “audit this schema for RLS gaps” and paste your SQL — it calls audit_sql and reports back.

Stack

Node (ESM) · @modelcontextprotocol/sdk (stdio transport) · zod · zero external services, deterministic output.

from github.com/yagaMI-Reverse/schema-guard-mcp

Install Schema Guard in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install schema-guard-mcp

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add schema-guard-mcp -- npx -y github:yagaMI-Reverse/schema-guard-mcp

FAQ

Is Schema Guard MCP free?

Yes, Schema Guard MCP is free — one-click install via Unyly at no cost.

Does Schema Guard need an API key?

No, Schema Guard runs without API keys or environment variables.

Is Schema Guard hosted or self-hosted?

Self-hosted: the server runs locally on your machine via the install command above.

How do I install Schema Guard in Claude Desktop, Claude Code or Cursor?

Open Schema Guard on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Schema Guard with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All ai MCPs