Back to MCP Trust Indexm8ven
2
grade F
10 days ago
npm

discogs-mcp-server

MCP server for Discogs

cswkim/discogs-mcp-server· npm: discogs-mcp-server· listed on npm

Install from

npmnpm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Code appears obfuscated
1 file are unreadable to a human reviewer. Cannot audit what they do.
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 1 credential: DISCOGS_PERSONAL_ACCESS_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configDISCOGS_API_URL
configDISCOGS_MEDIA_TYPE
🔐 secretDISCOGS_PERSONAL_ACCESS_TOKENYour Discogs personal access token
configDISCOGS_USER_AGENT
configPORT
configSERVER_HOSTThe host address to bind the server to (default: 0.0.0.0). Set to 0.0.0.0 to allow connections from outside the container/machine, or 127.0.0.1 to restrict to localhost only.
configSERVER_NAME
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/npm-https-github-com-cswkim-discogs-mcp-server)](https://m8ven.ai/mcp/npm-https-github-com-cswkim-discogs-mcp-server)
commit: 3c22a14dbba25e46b719ab21a196496f6f5f5e5f
code hash: f0822855cba67b988d7e4a84486330f7b9b57afe753f268763d012c48f385b67
verified: 4/11/2026, 1:42:15 PM
view raw JSON →