MCP server for Pomelo — pan-LATAM card issuing: users, virtual/physical cards, transactions
MCP server for Pomelo — pan-LATAM card issuing: users, virtual/physical cards, transactions
This is a large monorepo of 110 MCP servers for Latin American commerce APIs. The Sift fraud detection server examined shows proper authentication patterns, no malicious code, and reasonable input validation. However, the repository has moderate risks: API keys are passed through environment variables (standard practice), there is heavy reliance on external APIs with varied auth schemes, and alpha/contract-gated packages introduce uncertainty about endpoint correctness. The codebase is well-structured with clear documentation, but the sheer scale and dependency on third-party services creates operational risk. No critical vulnerabilities found, but users should be aware of auth scope and the alpha status of ~30% of servers. Supply chain analysis found 2 known vulnerabilities in dependencies (1 critical, 0 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 12 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Set these up before or after installing:
Environment variable: POMELO_CLIENT_ID
Environment variable: POMELO_CLIENT_SECRET
Environment variable: POMELO_ENV
Environment variable: POMELO_BASE_URL
Environment variable: POMELO_AUTH_URL
Environment variable: POMELO_AUDIENCE
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-codespar-mcp-pomelo": {
"env": {
"POMELO_ENV": "your-pomelo-env-here",
"POMELO_AUDIENCE": "your-pomelo-audience-here",
"POMELO_AUTH_URL": "your-pomelo-auth-url-here",
"POMELO_BASE_URL": "your-pomelo-base-url-here",
"POMELO_CLIENT_ID": "your-pomelo-client-id-here",
"POMELO_CLIENT_SECRET": "your-pomelo-client-secret-here"
},
"args": [
"-y",
"mcp-dev-latam"
],
"command": "npx"
}
}
}Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.