How do I install Dev Latam?

Dev Latam is a local plugin. Install it using npm package: @codespar/mcp-safrapay and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Dev Latam need?

Dev Latam requires the following credentials or environment variables: SAFRAPAY_CLIENT_ID, SAFRAPAY_CLIENT_SECRET, SAFRAPAY_MERCHANT_ID, SAFRAPAY_ENV. You can find setup instructions on the server detail page.

What AI apps work with Dev Latam?

Dev Latam uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Dev Latam MCP Server

by User

Developer ToolsUse Caution4.2LocalNew

Free

MCP server for Safrapay — Banco Safra acquirer: credit, Pix, boleto + split, 3DS, chargebacks

About

MCP server for Safrapay — Banco Safra acquirer: credit, Pix, boleto + split, 3DS, chargebacks

Security Report

4.2

Use Caution4.2High Risk

This is a monorepo for 109 MCP servers wrapping LATAM commerce APIs. The codebase shows good security practices overall — API keys are properly sourced from environment variables, authentication flavors (Basic, OAuth, API Key) are correctly applied per provider, and input validation is present in tool schemas. However, moderate risks exist: (1) the catalog is extremely broad with inconsistent maturity levels (alpha packages ship with TODO(verify) endpoints), (2) code quality concerns include broad error handling with sensitive data potentially logged, (3) dependency management across 109 servers creates maintenance burden, and (4) HTTP transport support adds complexity. The examined Sift server is well-structured but representative of a pattern where each server's security depends on individual developer discipline across a large team. Supply chain analysis found 2 known vulnerabilities in dependencies (1 critical, 0 high severity). Package verification found 1 issue (1 critical, 0 high severity).

4 files analyzed · 10 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Unverified package source

We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.

What You'll Need

Set these up before or after installing:

Safrapay merchant CNPJ (sent as merchantCredential header on auth)Optional

Environment variable: SAFRAPAY_CLIENT_ID

Safrapay MerchantToken used to compute the BCRYPT Authorization header on authRequired

Environment variable: SAFRAPAY_CLIENT_SECRET

Safrapay merchant id (used in request bodies where applicable)Optional

Environment variable: SAFRAPAY_MERCHANT_ID

Environment: 'sandbox' or 'production'. Defaults to sandbox.Optional

Environment variable: SAFRAPAY_ENV

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-codespar-mcp-safrapay": {
      "env": {
        "SAFRAPAY_ENV": "your-safrapay-env-here",
        "SAFRAPAY_CLIENT_ID": "your-safrapay-client-id-here",
        "SAFRAPAY_MERCHANT_ID": "your-safrapay-merchant-id-here",
        "SAFRAPAY_CLIENT_SECRET": "your-safrapay-client-secret-here"
      },
      "args": [
        "-y",
        "mcp-dev-latam"
      ],
      "command": "npx"
    }
  }
}