Server data from the Official MCP Registry
Spotify tools for spotify, music, playlists by UnClick.
Spotify tools for spotify, music, playlists by UnClick.
UnClick is a large MCP server exposing 450+ API endpoints across 178+ tools with centralized authentication via a single UNCLICK_API_KEY. Critical security concerns include: (1) the API key is passed directly in MCP config and environment variables with no encryption or secure storage mechanism, (2) all 450+ tools share the same authentication token, creating a single point of compromise that grants access to sensitive APIs across finance, security, social media, and cloud infrastructure, (3) the tool-wiring file shows no input validation or rate limiting patterns, and (4) there is no audit logging or user consent mechanisms for potentially harmful operations (deleting resources, accessing sensitive data, making external API calls). The broad scope and unified auth pose significant risks. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 16 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-spotify": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!