tuisic
Verified Safeby Dark-Kernel
Overview
A terminal-based online music streaming application that provides an MCP (Model Context Protocol) server for AI integration, allowing AI clients to control music playback and search.
Installation
/path/to/tuisic/build/tuisic --mcp-serverSecurity Notes
The underlying MusicPlayer module, utilized by the MCP server, contains 'system()' calls for features like downloading tracks (via 'yt-dlp') and clipboard operations, which are vulnerable to command injection if input is not robustly sanitized. While the current MCP server tools do not directly expose these specific vulnerable paths to AI client commands, the presence of such methods in the codebase warrants caution. Additionally, 'execl()' is used for daemon mode, which could be exploited if arguments are not sanitized. There's a minor risk from 'notify-send' calls if messages contain shell metacharacters.
Similar Servers
discogs-mcp-server
MCP Server for the Discogs API, enabling music catalog operations, search functionality, and more.
spotify-streamable-mcp-server
An HTTP MCP server for Spotify, enabling LLMs to search music, control playback, and manage playlists/saved songs for voice interfaces and smart-home automations.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
MCP-Server_AI-interaction
Facilitates advanced user interaction with an AI agent by providing a persistent graphical interface for text input, workspace-aware file/folder attachment, and drag-and-drop image attachment with multi-language support.