Mercado Libre MCP Server

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Mercado Libre seller tool, but it can change live listings and ads and unnecessarily logs part of a refreshed credential.

Install only if you intend to let an agent operate a Mercado Libre seller account. Use a client or workflow that requires explicit approval before every write action, keep credentials in secret storage, avoid shared or retained stderr logs, and rotate tokens if token prefixes may already have been logged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly requires environment secrets and will perform networked operations against Mercado Libre APIs, but the manifest does not declare permissions that would make these capabilities transparent to users or enforcement layers. This increases the risk of over-privileged or unexpected access to seller data and account-changing actions such as price, stock, question, and ads management.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README prominently exposes multiple write-capable seller operations such as price updates, stock changes, question responses, and ad management, but does not warn users that these actions affect live Mercado Libre listings and business operations. In an MCP context, where an agent may execute tools from natural-language prompts, lack of clear safety guidance increases the risk of accidental destructive or unauthorized changes to production marketplace data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions ask users to provide highly sensitive OAuth credentials and refresh tokens and describe automatic token refresh, but they do not warn about secure storage, rotation, or the fact that seller/account/order data will be transmitted to Mercado Libre APIs. In a skill that handles commerce operations and can read or modify listings, orders, questions, and ads, this omission materially raises the chance of credential mishandling and unintended exposure of business data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest requests highly privileged Mercado Libre credentials, including a client secret and long-lived refresh token, but provides no user-facing warning about the scope of access or the consequences of granting it. In the context of tools that can modify prices, stock, ads, and public question responses, compromise or misuse of these credentials could let an operator take over key seller operations and materially affect revenue, reputation, and customer interactions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code logs the first 20 characters of a newly issued refresh token to stderr. Even partial disclosure of a long-lived credential materially weakens its secrecy, can aid token correlation or reconstruction attempts, and may expose sensitive data to centralized logs, support staff, or other tenants depending on deployment.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This tool performs a real remote state-changing PUT request that updates Mercado Libre inventory without any explicit confirmation, dry-run mode, or friction in the tool itself. In an agentic context, ambiguous prompts, model mistakes, or prompt injection elsewhere could cause unintended stock changes that directly affect listings and business operations.

VirusTotal

64/64 vendors flagged this skill as clean.
