youtube-music-mcp-server
by CaullenOmdahl
Overview
Full-featured MCP server for YouTube Music to search, manage playlists, and create smart recommendations through AI assistants.
Installation
npm startEnvironment Variables
- GOOGLE_OAUTH_CLIENT_ID
- GOOGLE_OAUTH_CLIENT_SECRET
- ENCRYPTION_KEY
- DATABASE_URL
- SPOTIFY_CLIENT_ID
- SPOTIFY_CLIENT_SECRET
Security Notes
The server uses AES-256-GCM for encrypting OAuth tokens for persistence, which is generally robust. However, if the `ENCRYPTION_KEY` environment variable is not explicitly provided, it falls back to a hardcoded, insecure default key. This makes stored tokens easily recoverable and poses a critical vulnerability. Input validation for tool parameters is handled using Zod, and database queries use parameterized statements to prevent SQL injection. OAuth is handled via the MCP SDK's proxy provider, abstracting many security complexities. The YTM_API_KEY is a publicly known key and not a secret.
Similar Servers
spotify-mcp-server
Enables AI assistants to control Spotify playback and manage playlists via the Model Context Protocol (MCP).
spotify-streamable-mcp-server
Provides an LLM-friendly interface to control Spotify playback, search music, and manage playlists/saved songs, enabling voice control and smart-home automations.
1xn-vmcp
An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.
mcp-youtube
Empowers AI language models to retrieve token-optimized, structured YouTube data for video search, detail retrieval, transcript fetching, channel analysis, and trend discovery.