Server data from the Official MCP Registry
Brazilian company, risk & public-tender data (CNPJ, CEIS/CNEP, PNCP) as x402-paid agent tools
Brazilian company, risk & public-tender data (CNPJ, CEIS/CNEP, PNCP) as x402-paid agent tools
brdata-mcp is a well-structured MCP server for Brazilian company and procurement data with proper authentication via x402 micropayments. The codebase is clean with appropriate input validation using Zod schemas. The primary security concern is the necessity to handle EVM_PRIVATE_KEY for wallet-based payments, which the developers correctly document as a risk requiring a dedicated wallet. No code injection, data exfiltration, or malicious patterns detected. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
3 files analyzed · 9 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: EVM_PRIVATE_KEY
Environment variable: BRDATA_BASE_URL
Environment variable: X402_NETWORK
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-thomenz-brdata-mcp": {
"env": {
"X402_NETWORK": "your-x402-network-here",
"BRDATA_BASE_URL": "your-brdata-base-url-here",
"EVM_PRIVATE_KEY": "your-evm-private-key-here"
},
"args": [
"-y",
"brdata-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
An MCP (Model Context Protocol) server for Brazilian company & public-procurement data, for agent harnesses (Claude Code, Claude Desktop, …). It covers: CNPJ company registry lookup (basic + full due-diligence), company search/discovery across ~28M active companies by filters (CNAE activity, state/city, size, MEI, name), public tenders / licitações via PNCP (decode Compras.gov.br IDs, resolve, header, line items, edital documents, keyword search), NF-e & boleto decoding, CEP lookup, and batch document validation — for KYB, due diligence, and B2G (public-sector) sales intelligence.
Paid tools automatically settle the underlying x402-protected HTTP endpoints in USDC on Base using a wallet you configure; a call is charged only on success.
| Tool | Endpoint | Price | Description |
|---|---|---|---|
lookup_company | GET /company/{cnpj} | $0.01 | Consolidated registry profile |
lookup_company_full | GET /company/{cnpj}/full | $0.10 | + partners (QSA) + sanctions |
screen_company_risk | GET /risk/company/{cnpj} | $0.03 | Regulatory risk & compliance screen: federal debarment (CEIS), anti-corruption (CNEP) & leniency → verdict + 0–100 score |
decode_nfe_key | GET /nfe/{key} | $0.005 | NF-e/NFC-e 44-digit access-key decoder |
decode_boleto | POST /boleto/decode | $0.005 | Boleto digitable-line decoder |
validate_documents | POST /validate/batch | $0.002 | Batch validate CPF/CNPJ/PIS/plate/Pix (≤100) |
lookup_cep | GET /cep/{cep} | $0.005 | Enriched postal-code lookup |
search_companies | POST /companies/search | $0.05/page | Search & segment active companies by CNAE/location/size/age/name |
decode_tender_id | GET /tender/decode/{id} | $0.005 | Offline decode of a Compras.gov.br 17-digit tender id |
resolve_tender | POST /tender/resolve | $0.02 | Resolve any tender reference (id/URL/control number) to PNCP + summary |
get_tender | GET /tender/{cnpj}/{year}/{seq} | $0.01 | Full tender header (PNCP) |
get_tender_items | GET /tender/{cnpj}/{year}/{seq}/items | $0.03 | All tender items + ME/EPP-exclusive flags |
get_tender_documents | GET /tender/{cnpj}/{year}/{seq}/documents | $0.01 | Tender document URIs (no PDF download) |
search_tenders | POST /tender/search | $0.05 | Search public tenders (PNCP) by keyword |
validate_cnpj | GET /validate/{cnpj} | free | Single CNPJ check-digit validation |
search_companies requires the Worker to have the Phase 2 database configured (Hyperdrive);
otherwise it returns a 503 (and no payment is charged). MEI contact data is redacted (LGPD).
Environment variables:
| Var | Required | Default | Meaning |
|---|---|---|---|
BRDATA_BASE_URL | no | https://brdata.thomenz.me | Base URL of a brdata Worker (defaults to the hosted production API) |
EVM_PRIVATE_KEY | for paid tools | — | 0x-prefixed key of the paying wallet (holds USDC) |
X402_NETWORK | no | base | base (mainnet, matches the default URL) or base-sepolia (testnet) |
EVM_PRIVATE_KEY controls real funds. Anything that can read this process'
environment (or the MCP config file) can spend from that wallet.
base-sepolia) use test USDC only.BRDATA_BASE_URL.Add to your mcpServers configuration:
{
"mcpServers": {
"brdata": {
"command": "npx",
"args": ["-y", "brdata-mcp"],
"env": {
"EVM_PRIVATE_KEY": "0x<dedicated-wallet-key-with-USDC>"
}
}
}
}
For local development against wrangler dev, point BRDATA_BASE_URL at
http://localhost:8787 and use X402_NETWORK=base-sepolia with a testnet wallet.
If you run from source instead of npm, use:
{
"mcpServers": {
"brdata": {
"command": "node",
"args": ["/absolute/path/to/packages/brdata-mcp/dist/index.js"],
"env": { "BRDATA_BASE_URL": "http://localhost:8787", "EVM_PRIVATE_KEY": "0x...", "X402_NETWORK": "base-sepolia" }
}
}
}
"Use brdata to run full due diligence on CNPJ 00.000.000/0001-91."
The agent calls lookup_company_full, which pays $0.10 in USDC and returns the
consolidated English profile with partners and sanction checks.
pnpm install
pnpm run build # emits dist/
pnpm run typecheck
# publish (see checklist in the main repo README before doing this):
npm publish --access public
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.