Brex MCP Server
Community Brex corporate card and expense management MCP server with transactions, budgets, and receipt matching
Score Breakdown
Server Info
- Package
- mcp-brex
- Registry
- npm
- Repository
- dennisonbertram/mcp-brex
- Maintainer
- Community
- Category
- Finance & Payments
- Tags
- expensescorporate-cardsfinance
- Last Scanned
- 7 Apr 2026
Findings
5 issuesAuthentication & Identity
HIGHNo per-request auth - requires instance-per-user
Uses a static API key (BREX_API_KEY) passed via environment variables. Stdio transport only via StdioServerTransport. Has built-in rate limiting configuration via env vars. No OAuth, no HTTP/SSE transport. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
LLM Safety
MEDIUM2 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
MEDIUMOverlapping tool descriptions may cause wrong selection
Similar descriptions between tools could cause the LLM to pick the wrong one.
Differentiate descriptions with unique use cases.
Maintenance & Trust
LOWCommunity-maintained by Dennison Bertram
No official vendor backing.
Seek vendor verification.
HIGH19 dependency vulnerabilities (1 critical, 12 high)
npm audit found 1 critical and 12 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
21 total| Name | Description | Risk |
|---|---|---|
| get_budgets | List budgets (read-only). Example: {"limit":10} | read |
| get_budget | Get a budget by ID (read-only). Returns the complete budget object. | read |
| get_spend_limits | List spend limits (read-only). Example: {"limit":10,"status":"ACTIVE"} | read |
| get_spend_limit | Get a spend limit by ID (read-only). | read |
| get_budget_programs | List budget programs (read-only). Returns complete budget program objects. | read |
| get_budget_program | Get a budget program by ID (read-only). | read |
| get_expense | Get a single expense by ID. Returns the complete expense object. | read |
| get_card_expense | Get a single card expense by ID. Returns the complete card expense object. | read |
| get_card_statements_primary | Get complete statements for the primary card account. Returns full statement objects. | read |
| get_cash_transactions | LIST: Cash transactions (requires cash scopes). Returns complete transaction objects. | read |
| get_card_transactions | LIST: Primary card transactions. Returns complete transaction objects. | read |
| get_cash_account_statements | Get cash account statements by account ID. Returns complete statement objects. | read |
| get_transactions | Get transactions for a Brex account | read |
| get_expenses | LIST (single page): Expenses with optional filters. Returns complete expense objects. | read |
| get_account_details | Get detailed information about a Brex account | read |
| upload_receipt | Upload a receipt image to match with expenses | write |
| match_receipt | Create a pre-signed URL for uploading a receipt that will be automatically matched with existing expenses | write |
| update_expense | Update an existing card expense | write |
| get_all_accounts | Get all Brex accounts with pagination support | read |
| get_all_expenses | LIST: Paginated expenses with filters. Returns complete expense objects. | read |
| get_all_card_expenses | LIST: Paginated card expenses (no expense_type needed). Returns complete card expense objects. | read |
Deploy Brex MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow