spotify-mcp
Verified Safe
by 254binaryninja
Overview
An MCP server enabling AI agents to control Spotify playback and manage playlists through a set of defined tools.
Installation
python server.py
Environment Variables
- SPOTIFY_CLIENT_ID
- SPOTIFY_CLIENT_SECRET
- TRANSPORT
Security Notes
The server uses `spotipy` for Spotify API interaction, which is a well-established library. Sensitive credentials (client ID/secret) are loaded from environment variables via a `.env` file, preventing hardcoding. The OAuth flow uses `http://127.0.0.1:8888/callback` as a redirect URI, which is standard and safe for local development. The requested Spotify scopes are extensive (`user-read-playback-state`, `user-modify-playback-state`, `user-library-read`, `user-library-modify`, `playlist-modify-public`, `playlist-modify-private`), granting broad control over the user's Spotify account. This is necessary for its functionality but implies that a compromised server could perform significant actions on the user's behalf. However, the code itself does not contain obvious vulnerabilities like `eval`, `exec`, or direct shell command injection points.
Similar Servers
spotify-mcp-server
Enables AI assistants to control Spotify playback and manage playlists via the Model Context Protocol (MCP).
spotify-streamable-mcp-server
Provides an LLM-friendly interface to control Spotify playback, search music, and manage playlists/saved songs, enabling voice control and smart-home automations.
sonos-ts-mcp
Control Sonos multi-room audio systems via Model Context Protocol (MCP) for AI-driven home automation and smart audio experiences.
youtube-music-mcp-server
Full-featured MCP server for YouTube Music to search, manage playlists, and create smart recommendations through AI assistants.