Server data from the Official MCP Registry
Music charts, artist info, similar artists, and top tracks from Last.fm. By UnClick.
Music charts, artist info, similar artists, and top tracks from Last.fm. By UnClick.
The UnClick MCP server exposes 450+ third-party API integrations with a centralized authentication model via UNCLICK_API_KEY. While the server itself has reasonable code structure, multiple concerns emerge: (1) reliance on third-party tool implementations without visible security review, (2) overly broad network and environment variable permissions that could enable lateral attacks, (3) no input validation visible in the tool-wiring schema definitions, and (4) potential for credential leakage through environment variable access. The server's design as an "app store for AI agents" with dynamic tool discovery increases attack surface. Users should be aware that compromising the API key or the local environment exposes access to all integrated services simultaneously. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 14 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-lastfm": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.