Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mercado Libre MCP Server

v1.0.0

Complete MCP server for Mercado Libre seller operations — products, orders, pricing, stock, questions, ads, reputation, competitor analysis

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, tools, required binaries (node) and npm dependencies (@modelcontextprotocol/sdk, zod) align with an MCP server for Mercado Libre. The requested env vars (ML_CLIENT_ID, ML_CLIENT_SECRET, ML_REFRESH_TOKEN) are the ones expected for OAuth auto-refresh mode.
Instruction Scope
SKILL.md and README instruct only to set ML credentials and run the server; runtime instructions call only Mercado Libre APIs. However, auth.ts logs a portion of any newly returned refresh_token to stderr and writes the new refresh_token into process.env — these actions broaden what runtime output may contain and can leak secrets into logs.
Install Mechanism
There is no external download or install-from-URL step; this is an instruction/code-only package whose dependencies are declared in package.json and fetched from npm, as is typical. No suspicious install URLs or archive extraction were found.
Credentials
Requested env vars (ML_CLIENT_ID, ML_CLIENT_SECRET, ML_REFRESH_TOKEN) are appropriate for auto-refresh, but SKILL.md also documents an alternative ML_ACCESS_TOKEN mode that is not declared, even as optional, in the registry's env metadata. More importantly, the code prints the new refresh token (first 20 chars) to stderr when Mercado Libre returns an updated refresh_token, which can leak sensitive credentials into logs and monitoring systems.
Persistence & Privilege
always: false and normal autonomous invocation are set. The skill registers tools and runs as a stdio MCP server; it does not modify other skills or system-wide configuration. Updating process.env at runtime is local to the process and not itself a persistence escalation, but combined with stderr logging it poses an information-leak risk.
What to consider before installing
This package appears to implement the Mercado Libre MCP features it claims, but take precautions before installing or running it with real credentials:

- The code will perform OAuth refreshes and, if Mercado Libre returns a new refresh_token, the server will set process.env.ML_REFRESH_TOKEN and print the first ~20 characters of the new refresh token to stderr. That log can expose part of your credential to logs/monitoring systems. Consider removing or redacting that console.error line before running, or ensure logs are not stored in an untrusted place.
- If you don't need auto-refresh, prefer supplying ML_ACCESS_TOKEN (short-lived) managed by your own scheduler (n8n/cron) instead of giving client_secret + refresh_token to this process.
- Run the server in an isolated environment/container, not on a host with other sensitive workloads or shared logging, and rotate credentials after first use if you test it.
- Review dependencies (npm modules) and run npm audit / vet the @modelcontextprotocol/sdk package versions you will install.
- Check that the ML_CLIENT_ID/ML_CLIENT_SECRET you provide have the minimal scopes required for the operations you need.

If you want, I can point to the exact lines to change (remove/redact the refresh token log) and show a small patch to avoid printing tokens to stderr.
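As an added example (not the skill's own src/auth.ts, whose exact code the scan does not reproduce), the Node.js snippet below contrasts the logging pattern the scan describes with a handler that stores a rotated refresh token without writing any of it to stderr, adds a check you can run over captured log lines to detect partial leaks such as a 20-character prefix, and shows the two credential modes the scan says SKILL.md documents. The token response is constructed, its field set is an assumption, and a plain array stands in for stderr so the result can be inspected.

```javascript
// Added example (not the skill's own src/auth.ts): storing a rotated OAuth
// refresh_token without printing any part of it to stderr, plus a check you
// can run over captured log lines to confirm nothing leaked.

// Constructed sample of a token-refresh response. Field names follow the
// usual OAuth2 shape; the exact set Mercado Libre returns is an assumption here.
const SAMPLE_REFRESH_RESPONSE = {
  access_token: "APP_USR-constructed-access-token-for-the-example",
  token_type: "Bearer",
  expires_in: 21600,
  scope: "offline_access read write",
  refresh_token: "TG-constructed0example0refresh0token-123456789",
};

// The pattern the scan describes, reconstructed for contrast: the new token is
// stored and its first 20 characters go to whatever collects stderr.
function unsafeApplyRefresh(env, res, stderrLines) {
  env.ML_REFRESH_TOKEN = res.refresh_token;
  stderrLines.push(`New refresh token: ${res.refresh_token.slice(0, 20)}...`);
}

// Hardened handler: same env update, but the log line carries only metadata
// (that a rotation happened, token length, access-token lifetime).
function safeApplyRefresh(env, res, stderrLines) {
  if (typeof res.refresh_token === "string" && res.refresh_token.length > 0) {
    env.ML_REFRESH_TOKEN = res.refresh_token;
    stderrLines.push(
      `refresh_token rotated (length=${res.refresh_token.length}); ` +
        `access_token expires in ${res.expires_in}s`
    );
  } else {
    stderrLines.push("refresh response carried no new refresh_token; keeping the current one");
  }
}

// Log check: true if any log line contains a run of `minChars` consecutive
// characters of `secret`. Catches partial leaks such as a slice(0, 20), not
// only the full value.
function logLeaksSecret(logLines, secret, minChars = 8) {
  for (let start = 0; start + minChars <= secret.length; start += 1) {
    const probe = secret.slice(start, start + minChars);
    if (logLines.some((line) => line.includes(probe))) return true;
  }
  return false;
}

// Credential mode selection mirroring the two modes the scan says SKILL.md
// documents: a short-lived ML_ACCESS_TOKEN you rotate yourself, or the
// client_id + client_secret + refresh_token triple for auto-refresh.
// Refusing to start on a partial triple avoids silently running with
// whatever subset happened to be exported.
function resolveAuthMode(env) {
  if (env.ML_ACCESS_TOKEN) return "access_token";
  const triple = ["ML_CLIENT_ID", "ML_CLIENT_SECRET", "ML_REFRESH_TOKEN"];
  const missing = triple.filter((name) => !env[name]);
  if (missing.length === 0) return "refresh";
  throw new Error(
    `set ML_ACCESS_TOKEN, or all of ${triple.join(", ")} (missing: ${missing.join(", ")})`
  );
}

// Runs both handlers against the sample response on separate env objects
// (never on the real process.env) and reports what the log check finds.
function demo() {
  const unsafeEnv = {};
  const safeEnv = {};
  const unsafeLog = [];
  const safeLog = [];
  unsafeApplyRefresh(unsafeEnv, SAMPLE_REFRESH_RESPONSE, unsafeLog);
  safeApplyRefresh(safeEnv, SAMPLE_REFRESH_RESPONSE, safeLog);
  return {
    unsafeLeaks: logLeaksSecret(unsafeLog, SAMPLE_REFRESH_RESPONSE.refresh_token),
    safeLeaks: logLeaksSecret(safeLog, SAMPLE_REFRESH_RESPONSE.refresh_token),
    envUpdated: safeEnv.ML_REFRESH_TOKEN === SAMPLE_REFRESH_RESPONSE.refresh_token,
    safeLogLine: safeLog[0],
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Both handlers keep the rotated token only in an in-memory env object, as the scan says the skill does with process.env. If the provider invalidates the previous refresh token on rotation, the copy in your secret store goes stale as soon as the process exits, so a real deployment should also write the new value back to wherever ML_REFRESH_TOKEN is sourced from. The same logLeaksSecret check can be pointed at a captured stderr file before you decide whether the logs are safe to ship to a shared collector.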
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

src/auth.ts:12
Environment variable access combined with network send.


latest · vk9786v0hnmfgy6e5b6g21p8vf983hc0m


Runtime requirements

🛒 Clawdis
Bins: node
Env: ML_CLIENT_ID, ML_CLIENT_SECRET, ML_REFRESH_TOKEN
Primary env: ML_REFRESH_TOKEN
