Is Bitrefill Mcp Server safe to use?

Bitrefill Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Bitrefill Mcp Server?

Bitrefill Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Bitrefill Mcp Server do?

Bitrefill Mcp Server provides 18 tools: search-products, product-details, buy-products, get-invoice-by-id, get-order-by-id and 13 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Bitrefill Mcp Server?

Bitrefill Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Bitrefill Mcp Server actively maintained?

Bitrefill Mcp Server is recently maintained — last commit was 36 days ago. It has 2 GitHub stars.

Bitrefill Mcp Server

Name: Bitrefill Mcp Server
Author: bitrefill

Official

pnpm · by bitrefill

A Model Context Protocol Server connector for Bitrefill public API, to enable AI agents to search and shop on Bitrefill.

2 18 tools GitHub npm

No known CVEs

MIT license

Maintained

Last commit 36d ago

Works with most clients

Transport: stdio, http

18 tools · ~912 tok

Grade B · 0.5% of 200K ctx

Edit this pageView history

Finance E-Commerce

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "bitrefill": {
      "env": {
        "BITREFILL_API_KEY": "your_api_key_here"
      },
      "args": [
        "-y",
        "bitrefill-mcp-server"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/bitrefill-mcp-server)](https://mcppedia.org/s/bitrefill-mcp-server)

Read me

What Bitrefill Mcp Server does

A TypeScript-based MCP server that provides access to Bitrefill services, allowing you to search for gift cards, mobile topups, and more. This server implements the Model Context Protocol to expose Bitrefill functionality to AI assistants.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

78/100across 5 weighted dimensions

How we score →

0255075100

−22

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

12 fixed

CVE-2026-24131medium · fixedCVSS 4

pnpm has Path Traversal via arbitrary file permission modification

### Summary When pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. **Note:** Only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). ### Details Vulnerable code in `pkg-manager/package-bins/src

Affected: >= 0Fixed in 10.28.2source →

CVE-2026-23888low · fixedCVSS 3.1

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

### Summary A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outsid

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23889low · fixedCVSS 3.1

pnpm has Windows-specific tarball Path Traversal

### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. **This vulnerability is Windows-only.** ### Details **1. Incomplete Path Normalization (`store/cafs/src/parseTarball.ts:107-110`)** ```typescript if (fileName.includes('./')) { fileName = path.posix.join('/'

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23890low · fixedCVSS 3.1

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

### Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. ### Details The vulnerability exists in the bin name validation and normalization logic: **1. Validation Bypass (`pkg-manager/package-bins/src/index.ts`)** The filter allows any bin name starting wit

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-24056low · fixedCVSS 3.1

pnpm has symlink traversal in file:/git dependencies

### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modules`, leaking local data. **Preconditions:** Only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are NOT affe

Affected: >= 0Fixed in 10.28.2source →

Inventory

Tools (18)

Click any tool to inspect its schema.

~912 tokens total

Inventory

Resources (4)

payment-methods

Allowed payment_method strings for buy-products and create-esim-invoice

bitrefill://payment-methods

category-slugs

B2B category query values for product list/search

bitrefill://category-slugs

product-types

Product family keys

bitrefill://product-types

product-types-categories

Category slugs per product family

bitrefill://product-types/{productType}

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Bitrefill Mcp Server safe to use?: Bitrefill Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Bitrefill Mcp Server?: Bitrefill Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Bitrefill Mcp Server do?: Bitrefill Mcp Server provides 18 tools: search-products, product-details, buy-products, get-invoice-by-id, get-order-by-id and 13 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Bitrefill Mcp Server?: Bitrefill Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Bitrefill Mcp Server actively maintained?: Bitrefill Mcp Server is recently maintained — last commit was 36 days ago. It has 2 GitHub stars.

Similar servers

Others in finance / ecommerce

View all →

Alpha Vantage Mcp95

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

158 3

Investor Agent93

A Model Context Protocol server for building an investor agent

329 7

io.github.xkumakichi/xaip-mcp-server92

AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.

io.github.PayRam/payram-helper-mcp91

Remote MCP server to integrate and validate self-hosted PayRam deployments.

155 17

MCP Security Weekly

Get CVE alerts and security updates for Bitrefill Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Finance E-Commerce

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "bitrefill": {
      "env": {
        "BITREFILL_API_KEY": "your_api_key_here"
      },
      "args": [
        "-y",
        "bitrefill-mcp-server"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/bitrefill-mcp-server)](https://mcppedia.org/s/bitrefill-mcp-server)

Read me

What Bitrefill Mcp Server does

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

Bitrefill MCP Server (Sample Implementation)

This is a sample / reference implementation. For production use, connect to the official hosted Bitrefill eCommerce MCP at https://api.bitrefill.com/mcp instead. It is maintained by Bitrefill, supports OAuth, and exposes the same tools without you having to run, deploy, or update anything.

Use this repository if you want to learn how a Bitrefill MCP can be built, fork it, extend it, or self-host a customized variant on top of the Bitrefill API v2.

This server wraps the Bitrefill API v2 (https://api.bitrefill.com/v2) using Authorization: Bearer ${BITREFILL_API_KEY}. Only request parameters are validated with Zod; API responses are returned as JSON text unchanged.

Use the official remote MCP (recommended for production)

The Bitrefill eCommerce MCP is hosted by Bitrefill and is the recommended way to integrate with ChatGPT, Claude Desktop / Code, Cursor, and any other MCP-compatible client.

OAuth (recommended). Point your client at:
```
https://api.bitrefill.com/mcp
```
You'll be redirected to Bitrefill to sign in and authorize access. No API key handling required.
API key. Append your key from bitrefill.com/account/developers:
```
https://api.bitrefill.com/mcp/YOUR_API_KEY
```

Setup guides per client: ChatGPT, Claude Desktop, Claude Code, Cursor.

When to use this repo instead

Run this local MCP only if you need to:

Study a working reference implementation of a Bitrefill MCP server.
Fork it to add custom tools, prompts, validation, logging, or routing.
Self-host inside a private network or air-gapped environment.
Experiment with a wider set of v2 endpoints (this sample exposes 18 tools, while the official remote MCP intentionally exposes a curated set of 7; see eCommerce MCP).

For everyday "buy gift cards / eSIMs from my AI assistant" use cases, prefer the hosted server above.

Configuration

Create an API key: Bitrefill account → Developers.
Set in the environment (or .env for local runs):

BITREFILL_API_KEY=your_api_key_here

If BITREFILL_API_KEY is missing, no tools are registered (v2 requires authentication even for ping).

Tools (v1.0.0)

Tool	API
`search-products`	`GET /products/search` (with `q`) or `GET /products` (browse)
`product-details`	`GET /products/{id}`
`buy-products`	`POST /invoices`
`get-invoice-by-id`	`GET /invoices/{id}`
`get-order-by-id`	`GET /orders/{id}`
`list-invoices`	`GET /invoices`
`list-orders`	`GET /orders`
`pay-invoice`	`POST /invoices/{id}/pay`
`get-account-balance`	`GET /accounts/balance`
`check-phone-number`	`GET /check_phone_number`
`ping`	`GET /ping`
`list-esim-products`	`GET /products/esims`
`get-esim-product`	`GET /products/esims/{id}`
`create-esim-invoice`	`POST /esims`
`get-esim-invoice`	`GET /esims/invoice/{id}`
`pay-esim-invoice`	`POST /esims/invoice/{id}/pay`
`list-esims`	`GET /esims`
`get-esim`	`GET /esims/{id}`

Breaking change vs 0.x: old snake_case tool names (search, create_invoice, unseal_order, ...) were removed. Use the names above. There is no unseal_order in v2; GET /orders/{id} returns redemption_info when delivered.

Resources

bitrefill://payment-methods: allowed payment_method strings for buy-products / create-esim-invoice
bitrefill://category-slugs: B2B category

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

78/100across 5 weighted dimensions

How we score →

0255075100

−22

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

12 fixed

CVE-2026-24131medium · fixedCVSS 4

pnpm has Path Traversal via arbitrary file permission modification

Affected: >= 0Fixed in 10.28.2source →

CVE-2026-23888low · fixedCVSS 3.1

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23889low · fixedCVSS 3.1

pnpm has Windows-specific tarball Path Traversal

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23890low · fixedCVSS 3.1

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-24056low · fixedCVSS 3.1

pnpm has symlink traversal in file:/git dependencies

Affected: >= 0Fixed in 10.28.2source →

Inventory

Tools (18)

Click any tool to inspect its schema.

~912 tokens total

Inventory

Resources (4)

payment-methods

Allowed payment_method strings for buy-products and create-esim-invoice

bitrefill://payment-methods

category-slugs

B2B category query values for product list/search

bitrefill://category-slugs

product-types

Product family keys

bitrefill://product-types

product-types-categories

Category slugs per product family

bitrefill://product-types/{productType}

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Bitrefill Mcp Server safe to use?: Bitrefill Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Bitrefill Mcp Server?: Bitrefill Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Bitrefill Mcp Server do?: Bitrefill Mcp Server provides 18 tools: search-products, product-details, buy-products, get-invoice-by-id, get-order-by-id and 13 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Bitrefill Mcp Server?: Bitrefill Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Bitrefill Mcp Server actively maintained?: Bitrefill Mcp Server is recently maintained — last commit was 36 days ago. It has 2 GitHub stars.