Mercado Libre MCP Server

Warn

Audited by ClawScan on May 18, 2026.

Overview

The skill appears to do what it claims, but it gives an AI agent the ability to change Mercado Libre listings, ads, and public buyer answers directly, using your seller credentials, with no built-in confirmation step.

Install only if you are comfortable giving the agent Mercado Libre seller-account authority. Configure your MCP client to require manual approval before any write action, avoid sharing logs, and consider restricting credentials or using a separate test account first.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1: Write tools change the seller account without a confirmation gate

What this means

An agent or mistaken prompt could change listing prices, stock, advertising state, or public buyer-facing responses, affecting sales and reputation.

Why it was flagged

The price update tool performs the Mercado Libre account mutation directly. Similar write tools update stock, answer public buyer questions, and manage ads, but the artifacts do not show a built-in pre-execution confirmation gate.

Skill content
await mlFetch<MLProduct>(`/items/${item_id}`, {
  method: 'PUT',
  body: { price },
})
Recommendation

Use this only with a client that requires explicit approval for write tools, and consider adding a dry-run/confirm-before-write workflow for price, stock, ads, and public answers.
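A dry-run and confirm-before-write gate of the kind the recommendation asks for, written here as an added example rather than code from the skill. It assumes the caller supplies a transport function and an approval callback (both synchronous so the example runs stand-alone); the plan shape and helper names are illustrative, not the skill's own API.

```typescript
// Added example (not the skill's code): separate planning a write from executing it,
// so a client or human can inspect the exact mutation before it reaches Mercado Libre.

type Method = 'PUT' | 'POST' | 'DELETE';

export interface WritePlan {
  tool: string;                    // e.g. 'update_price'
  method: Method;
  path: string;                    // e.g. '/items/MLA1234567890'
  body: Record<string, unknown>;
  summary: string;                 // human-readable line shown to the approver
}

// Assumed interfaces: the real transport would be an HTTP client, the real approver
// an MCP client prompt. Both are synchronous here to keep the example self-contained.
export type Transport = (method: Method, path: string, body: unknown) => unknown;
export type Approver = (plan: WritePlan) => boolean;

// Step 1: build a plan. Nothing is sent, so a plan on its own is the dry run.
export function planPriceUpdate(itemId: string, currentPrice: number, newPrice: number): WritePlan {
  if (!Number.isFinite(newPrice) || newPrice <= 0) {
    throw new Error(`refusing to plan a non-positive price: ${newPrice}`);
  }
  const pct = ((newPrice - currentPrice) / currentPrice) * 100;
  return {
    tool: 'update_price',
    method: 'PUT',
    path: `/items/${itemId}`,
    body: { price: newPrice },
    summary: `Change price of ${itemId} from ${currentPrice} to ${newPrice} (${pct.toFixed(1)}%)`,
  };
}

// Step 2: execute only after an explicit approval of this exact plan.
export function executeWrite(
  plan: WritePlan,
  transport: Transport,
  approve: Approver,
  opts: { dryRun?: boolean } = {},
): { executed: boolean; reason: string } {
  if (opts.dryRun) {
    return {
      executed: false,
      reason: `dry-run: would ${plan.method} ${plan.path} with ${JSON.stringify(plan.body)}`,
    };
  }
  if (!approve(plan)) {
    return { executed: false, reason: `approval denied for: ${plan.summary}` };
  }
  transport(plan.method, plan.path, plan.body);
  return { executed: true, reason: 'approved and executed' };
}
```

The same split applies to stock, ad-state, and answer tools: the tool handler returns a plan, and only the gated executor talks to the API.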

Finding 2: item_id is interpolated into API paths with only a string check

What this means

Bad or manipulated tool arguments could cause calls outside the intended listing endpoint scope.

Why it was flagged

The tool validates item_id only as a string and later interpolates it into an API path. Without a strict item-ID pattern or URL encoding of the path segment, a malformed value (one containing characters such as /, .., ? or #) could steer the request to a different Mercado Libre API path, sent with the user's token.

Skill content
item_id: z.string().describe('ID de la publicación (ej: MLA1234567890)') // "Listing ID (e.g. MLA1234567890)"
Recommendation

Validate IDs with strict patterns, URL-encode path components, and keep write endpoints narrowly scoped.

Finding 3: The server holds seller OAuth credentials and a refresh token

What this means

Anyone with these environment variables can potentially access or modify the connected Mercado Libre seller account through this server.

Why it was flagged

The server requires Mercado Libre OAuth credentials and a refresh token to obtain access tokens for seller operations. This is expected for the integration, but it is sensitive account authority.

Skill content
const clientSecret = process.env.ML_CLIENT_SECRET || ''
const refreshToken = process.env.ML_REFRESH_TOKEN || ''
Recommendation

Use least-privileged Mercado Libre app permissions if available, keep credentials out of shared logs/configs, and rotate them if exposed.

Finding 4: Part of the rotated refresh token is written to logs

What this means

Shared terminal output or logs may reveal part of a refreshed credential.

Why it was flagged

When Mercado Libre returns a new refresh token, the code logs its first 20 characters to stderr. This is not a full-token leak, but it is still sensitive token material in logs.

Skill content
console.error(
  `[ml-mcp] Refresh token actualizado. Nuevo: ${data.refresh_token.substring(0, 20)}...`
) // "[ml-mcp] Refresh token updated. New: ..."
Recommendation

Avoid logging any token material; log only that rotation occurred, and keep runtime logs private.
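Credential handling that covers the recommendations of Findings 3 and 4 together, as an added example rather than the skill's own code: load the environment variables and fail closed when one is missing instead of defaulting to an empty string, keep the token out of JSON and string output, and record a rotation without any token material. The ML_CLIENT_ID variable, the TokenStore class, and the expires_in field (standard OAuth, assumed present in the refresh response) are assumptions.

```typescript
// Added example (not the skill's code): fail-closed credential loading, a token holder
// that hides its secret from serialisation, and rotation logging with no token bytes.

export interface Credentials {
  clientId: string;      // assumed variable ML_CLIENT_ID
  clientSecret: string;  // ML_CLIENT_SECRET, as on the page
  refreshToken: string;  // ML_REFRESH_TOKEN, as on the page
}

type Env = Record<string, string | undefined>;

export function loadCredentials(env: Env): Credentials {
  const required = ['ML_CLIENT_ID', 'ML_CLIENT_SECRET', 'ML_REFRESH_TOKEN'] as const;
  const missing = required.filter((k) => !env[k]);
  if (missing.length > 0) {
    // Name the variables, never their values.
    throw new Error(`missing environment variables: ${missing.join(', ')}`);
  }
  return {
    clientId: env.ML_CLIENT_ID!,
    clientSecret: env.ML_CLIENT_SECRET!,
    refreshToken: env.ML_REFRESH_TOKEN!,
  };
}

export class TokenStore {
  private refreshToken: string;

  constructor(initial: string) {
    this.refreshToken = initial;
  }

  // Apply a refresh response and return the line that is safe to log.
  applyRefresh(response: { refresh_token?: string; expires_in?: number }): string {
    const expires = response.expires_in ?? 'unknown';
    if (!response.refresh_token) {
      return `[ml-mcp] access token refreshed; refresh token unchanged; expires in ${expires}s`;
    }
    const rotated = response.refresh_token !== this.refreshToken;
    this.refreshToken = response.refresh_token;
    return `[ml-mcp] refresh token ${rotated ? 'rotated' : 'unchanged'}; access token expires in ${expires}s`;
  }

  // Only the HTTP client should ask for the raw value.
  currentRefreshToken(): string {
    return this.refreshToken;
  }

  // JSON.stringify / template literals on the store never expose the token.
  toJSON(): { refreshToken: string } {
    return { refreshToken: '[REDACTED]' };
  }
  toString(): string {
    return 'TokenStore([REDACTED])';
  }
}

// Guard for a log sink: true if a line carries a known secret or a prefix of it.
// A prefix check catches partial leaks like the 20-character substring on the page.
export function containsSecretMaterial(line: string, secrets: string[], minPrefix = 8): boolean {
  return secrets.some((s) => s.length >= minPrefix && line.includes(s.slice(0, minPrefix)));
}
```

Wire containsSecretMaterial in front of console.error (or your logger) with the current client secret and refresh token as the secret list; it turns a partial-token log line into a failed write instead of a leak.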