74
/ 100
11 days ago
glama

CheckSlip MCP

A remote MCP server for verifying Thai bank transfer slips using slip images, QR payloads, or transaction references, with OAuth 2.1 authentication and duplicate detection.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Secret credentials may flow to a network call
2 flows detected: SLIP_API_URL. We can’t prove the destination matches the brand the credential belongs to.
🔐
You'll be asked for 6 credentials: ADMIN_PASSWORD, MCP_AUTH_TOKEN, SESSION_SECRET, SLIP_API_KEY, UEX_ACCESS_KEY, UEX_LICENSE_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretADMIN_PASSWORD. A static MCP_AUTH_TOKEN is still accepted as a fallback for
configALLOWED_ORIGINSNo Comma-separated allowlist. Empty allows requests with no Origin.
configBASE_PATH
configBASE_URL
configDATABASE_URLconsole. They run against the dev Postgres database () and create
configDUPLICATE_SCOPE
configLEGAL_CONTACT_EMAIL
configLEGAL_ENTITY_NAME
configLOG_LEVEL
🔐 secretMCP_AUTH_TOKENADMIN_PASSWORD. A static is still accepted as a fallback for
configMCP_REGISTRY_AUTH
configPORT
configREPL_ID
🔐 secretSESSION_SECRETJWT access token (signed with , audience <base>/mcp) plus a
configSHOP_RECEIVER_ACCOUNT_LAST4No Default receiver last 4 for the mock provider.
configSHOP_RECEIVER_NAMENo Default receiver name for the mock provider.
configSLIP_API_AUTH_HEADERNo Header name for the key (default Authorization).
🔐 secretSLIP_API_KEYgeneric only Custom provider API key.
configSLIP_API_KEY_PREFIXNo Prefix for the key value (default Bearer).
configSLIP_API_URLgeneric only Custom provider verify endpoint.
configSLIP_PROVIDERNo mock (default), uex, or generic.
🔐 secretUEX_ACCESS_KEYuex only Secret. UEX access-key.
configUEX_ACCOUNT_NOuex only Secret. UEX bank account number (used in the request path).
configUEX_API_BASE_URLNo UEX base URL (default https://api-fin.uexchange.io/v1/fin/bank).
🔐 secretUEX_LICENSE_KEYuex only Secret. UEX x-license-key.
configUSED_SLIP_RETENTION_DAYS
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 8 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/overflowget-checkslip-mcp-04yszi)](https://m8ven.ai/mcp/overflowget-checkslip-mcp-04yszi)
commit: d5f58f3a93d1febf98b94920c6d603673c9ff884
code hash: 08354cf28b510e85523b4731a055ef05bdf7b2667f2b630896eca95ace0ed6db
verified: 7/1/2026, 9:58:21 AM
view raw JSON →