Back to Browse
Free
Server data from the Official MCP Registry
Spotify tools for spotify, music, playlists by UnClick.
About
Spotify tools for spotify, music, playlists by UnClick.
Security Report
1.5
Use Caution1.5Critical RiskUnClick is a large MCP server exposing 450+ API endpoints across 178+ tools with centralized authentication via a single UNCLICK_API_KEY. Critical security concerns include: (1) the API key is passed directly in MCP config and environment variables with no encryption or secure storage mechanism, (2) all 450+ tools share the same authentication token, creating a single point of compromise that grants access to sensitive APIs across finance, security, social media, and cloud infrastructure, (3) the tool-wiring file shows no input validation or rate limiting patterns, and (4) there is no audit logging or user consent mechanisms for potentially harmful operations (deleting resources, accessing sensitive data, making external API calls). The broad scope and unified auth pose significant risks. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 16 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-spotify": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
UnClick MCP server
The app store for AI agents. unclick.world
450+ callable endpoints across 178+ tools, available to any MCP-compatible AI client. New tools ship to the API continuously. Your agent picks them up automatically; no package update is needed.
Install
Using the latest GitHub release (no npm account required):
{
"mcpServers": {
"unclick": {
"command": "npx",
"args": ["-y", "https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz"]
}
}
}
Add this to your claude_desktop_config.json (or equivalent for Cursor, Windsurf, etc).
Or install globally from GitHub:
npm install -g https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz
Operational Notes
This repo follows the AGENTS.md fence rules for agent work.
Run
For local web development:
npm run dev
For the API workspace:
npm run dev:api
Test
Run the main test suite:
npm test
Run the production build check:
npm run build
License
This repository is licensed under the MIT License. See LICENSE.
What it does
Gives your agent access to a growing catalog of tools across developer utilities, social media, e-commerce, finance, messaging, media, security, and more. You don't need to install separate packages for each integration. One server provides access to everything in the catalog.
Tool Surface
UnClick exposes a small direct surface for daily agent workflows, plus hidden internal discovery tools for the full catalog.
| Tool group | Tools |
|---|---|
| Memory session protocol | load_memory, save_fact, search_memory, save_identity, save_session |
| Signals and Fishbowl coordination | check_signals, read_messages, post_message, create_todo, list_todos, update_todo, complete_todo, create_idea, list_ideas, vote_on_idea, promote_idea_to_todo |
| Hidden internal catalog tools | unclick_search, unclick_browse, unclick_tool_info, unclick_call |
The agent starts with memory, uses direct Fishbowl tools for coordination, and can still call the hidden catalog tools by name when it needs dynamic endpoint discovery.
Compatibility and advanced memory operations
- Legacy memory names still work as aliases:
get_startup_context->load_memory,write_session_summary->save_session,add_fact->save_fact,set_business_context->save_identity. - The remaining memory operations are intentionally not listed in
ListToolsand are called throughunclick_callwithendpoint_id: "memory.<op>"(for examplememory.manage_decay,memory.store_code,memory.log_conversation,memory.supersede_fact,memory.upsert_library_doc).
Requirements
- Node.js 18+
- An API key from unclick.world
Set your key as an environment variable:
UNCLICK_API_KEY=your_key_here
Or pass it via the MCP config:
{
"mcpServers": {
"unclick": {
"command": "npx",
"args": ["-y", "https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz"],
"env": {
"UNCLICK_API_KEY": "your_key_here"
}
}
}
}
More
Full catalog, docs, and API keys at unclick.world.
Reviews
No reviews yet
Be the first to review this server!
More Content & Media MCP Servers
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
120.0K
Stars
22
Installs
6.0
Security
5.0
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
485
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
65
Installs
10.0
Security
4.6
Local