How do I install Dev Latam?

Dev Latam is a local plugin. Install it using npm package: @codespar/mcp-c6 and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Dev Latam need?

Dev Latam requires the following credentials or environment variables: C6_CLIENT_ID, C6_CLIENT_SECRET, C6_CERT_PATH, C6_KEY_PATH, C6_ENV. You can find setup instructions on the server detail page.

What AI apps work with Dev Latam?

Dev Latam uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Dev Latam MCP Server

by User

Developer ToolsUse Caution4.2LocalNew

Free

MCP server for C6 Bank — Pix (cob/cobv), DICT keys, Boleto, balance, statement (OAuth2 + mTLS)

About

MCP server for C6 Bank — Pix (cob/cobv), DICT keys, Boleto, balance, statement (OAuth2 + mTLS)

Security Report

4.2

Use Caution4.2High Risk

This is a monorepo containing 109 MCP servers for Latin American commerce integrations. The codebase is well-structured with proper authentication patterns, but several moderate security concerns exist: multiple servers require environment variable credentials without runtime validation, the Sift server (and likely others) lacks input validation on API request parameters allowing potential injection attacks, and broad network permissions are standard across the catalog. The alpha-tier servers are particularly concerning as they ship with unverified endpoint paths marked TODO(verify). Overall, permissions align with the category baseline, but code quality gaps in input sanitization and error handling warrant attention before production deployment. Supply chain analysis found 2 known vulnerabilities in dependencies (1 critical, 0 high severity). Package verification found 1 issue (1 critical, 0 high severity).

4 files analyzed · 14 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

process_spawn

Check that this permission is expected for this type of plugin.

Unverified package source

We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.

What You'll Need

Set these up before or after installing:

C6 OAuth client_id issued via the Developer Portal after contract onboarding.Optional

Environment variable: C6_CLIENT_ID

C6 OAuth client_secret.Required

Environment variable: C6_CLIENT_SECRET

Absolute path to the mTLS client certificate (.crt or .pem). BACEN mandates mTLS for Pix v2.Optional

Environment variable: C6_CERT_PATH

Absolute path to the mTLS private key (.key or .pem).Required

Environment variable: C6_KEY_PATH

Environment: 'sandbox' or 'production'. Defaults to 'sandbox'.Optional

Environment variable: C6_ENV

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-codespar-mcp-c6": {
      "env": {
        "C6_ENV": "your-c6-env-here",
        "C6_KEY_PATH": "your-c6-key-path-here",
        "C6_CERT_PATH": "your-c6-cert-path-here",
        "C6_CLIENT_ID": "your-c6-client-id-here",
        "C6_CLIENT_SECRET": "your-c6-client-secret-here"
      },
      "args": [
        "-y",
        "mcp-dev-latam"
      ],
      "command": "npx"
    }
  }
}