38
grade F
10 days ago
glama
spotify-mcp
An MCP server that enables users to control Spotify playback, search for music, and manage playlists through MCP-compatible clients. It supports features like track recommendations and playback management using secure OAuth authentication.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
🚨
Secret credentials may flow to a network call
4 flows detected: SPOTIFY_CLIENT_SECRET. We can’t prove the destination matches the brand the credential belongs to.
🚨
Known vulnerabilities in dependencies: 2 critical
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 1 credential: SPOTIFY_CLIENT_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.config
HOSTconfig
PORTconfig
SPOTIFY_AUTH_HOSTconfig
SPOTIFY_AUTH_PORTconfig
SPOTIFY_CLIENT_ID— Yes Spotify app client ID🔐 secret
SPOTIFY_CLIENT_SECRET— Yes Spotify app client secretconfig
SPOTIFY_REDIRECT_URI— No OAuth redirect URI (defaults to http://127.0.0.1:8888/callback)// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/graysoncadams-spotify-mcp-3zmjkz)commit: 42d3277c391bcfd964d2a1d8c156bfee96d4a445
code hash: 44ba12e130dc4082cb5e6e94b8654049ee05fdda7aa17ca40e8bf99e18213c56
verified: 4/11/2026, 2:26:54 PM