baremcp
Verified Safeby barecommerce-core
Overview
Manage BareCommerceCore e-commerce stores using AI assistants via the Model Context Protocol (MCP).
Installation
baremcpEnvironment Variables
- BARECOMMERCE_API_URL
- BARECOMMERCE_API_KEY
- BARECOMMERCE_DEFAULT_STORE_ID
Security Notes
The server demonstrates strong security practices: - OAuth Device Flow prevents API keys from being exposed in chat. - Credentials are encrypted at rest with AES-256-GCM using a machine-specific key, ensuring confidentiality and integrity. - Webhook URLs are rigorously validated to prevent Server-Side Request Forgery (SSRF) by blocking private IPs and non-HTTPS schemes. - Command injection is prevented by using 'child_process.spawn' with array arguments for browser opening. - Sensitive information is sanitized from error messages to prevent disclosure in client responses. - Extensive Zod schemas are used for input validation across all tools. - Explicit privacy policy states no telemetry or analytics collection.
Similar Servers
boilerplate-mcp-server
Provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation tool.
ebay-mcp
Enables AI assistants to manage eBay selling operations, including inventory, orders, marketing, and analytics, through a Model Context Protocol (MCP) server.
mcp-typescript-simple
Production-ready MCP (Model Context Protocol) server with dual-mode operation (STDIO & HTTP), multi-LLM integration, and OAuth authentication, designed for horizontal scalability and comprehensive observability.
mcp-partner-integration-demo
A Model Context Protocol (MCP) server designed for Vercel deployment, enabling AI agents (like ChatGPT) to interact with Shopify for product search and Stripe for creating checkout sessions and managing payments, facilitating natural language commerce workflows.