riffmcp
Verified Safe
by whitneyland
Overview
An MCP server that allows LLMs to play, compose, and render music.
Installation
/Applications/RiffMCP.app/Contents/MacOS/RiffMCP --stdio
Environment Variables
- RIFF_LOG_STDIO
- RIFF_LOG_JSON
Security Notes
The HTTP server is hardcoded to listen only on localhost (127.0.0.1), significantly reducing external attack surface. Path traversal attempts for image resources served via `/images/` are explicitly checked and prevented using `fileURL.path.hasPrefix(tempDirectory.path)`. Input JSON for music sequences and tool calls is decoded using Swift's `JSONDecoder`, which helps prevent injection vulnerabilities if the models are defined correctly. The HTTP server is hand-rolled, which can carry inherent risks compared to battle-tested frameworks, but the current implementation appears robust for its intended local scope.
Similar Servers
XcodeBuildMCP
A Model Context Protocol (MCP) server that provides Xcode-related tools for AI assistants, enabling programmatic interaction with Xcode projects, simulators, devices, and Swift packages.
osaurus
Osaurus is a native macOS LLM server running local language models with OpenAI and Ollama compatible APIs, enabling tool calling and a plugin ecosystem for AI agents.
action_mcp
Provides Model Context Protocol (MCP) server capabilities to Ruby on Rails applications, enabling AI assistants to interact with external data sources and tools via JSON-RPC over HTTP/SSE.
spotify-streamable-mcp-server
An HTTP MCP server for Spotify, enabling LLMs to search music, control playback, and manage playlists/saved songs for voice interfaces and smart-home automations.