riffmcp
Verified Safeby whitneyland
Overview
An MCP server that allows LLMs to play, compose, and render music.
Installation
/Applications/RiffMCP.app/Contents/MacOS/RiffMCP --stdioEnvironment Variables
- RIFF_LOG_STDIO
- RIFF_LOG_JSON
Security Notes
The HTTP server is hardcoded to listen only on localhost (127.0.0.1), significantly reducing external attack surface. Path traversal attempts for image resources served via `/images/` are explicitly checked and prevented using `fileURL.path.hasPrefix(tempDirectory.path)`. Input JSON for music sequences and tool calls are decoded using Swift's `JSONDecoder`, which helps prevent injection vulnerabilities if the models are defined correctly. The implementation of the HTTP server is hand-rolled, which can carry inherent risks compared to battle-tested frameworks, but the current implementation appears robust for its intended local scope.
Similar Servers
XcodeBuildMCP
Provides an MCP (Model Context Protocol) server for AI agents and other clients to programmatically build, test, run, and debug iOS and macOS applications, manage simulators/devices, and capture logs.
osaurus
Osaurus is an AI edge runtime for macOS, enabling users to run local and cloud AI models, orchestrate tools via the Model Context Protocol (MCP), and power AI applications and workflows on Apple Silicon.
strudel-mcp-server
An MCP server enabling AI-powered music generation, live coding, and algorithmic composition by controlling Strudel.cc in a browser.
action_mcp
ActionMCP is a Ruby gem providing Model Context Protocol (MCP) server capabilities to Rails applications, enabling AI assistants to connect to external data sources and tools.