Delv
CommunityAbandoned· 1.1y4.3by gwbischof

Bluesky Social MCP

Full Bluesky control over the atproto client, covering profiles, feeds, posts, follows, and interactions.

View repo
C
Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer45
Permissions55
Supply chain40
Transparency65
Incidents100

Bluesky Social MCP is a community-maintained server by solo developer gwbischof that provides full control over a Bluesky account via the atproto client. The permissions scope is broad: posting, deleting, following, blocking, and all social graph operations. Whilst this enables powerful automation, it also means Claude gets write access to your entire social presence. The maintainer appears to be an individual contributor with limited public profile, creating bus factor concerns. Installation requires cloning from git rather than a stable package registry, and credentials are stored as environment variables (handle plus app password). The repository is open source with reasonable documentation, though it's early-stage (v0.1). No known security incidents, but the combination of broad social media permissions, solo maintenance, and git-based install warrants careful consideration before granting access to your Bluesky account.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

DMs make this private; replies and quote-posts make untrusted-input wide; posting closes the loop.

Green flags

  • Open source repository with visible code for review
  • Uses official atproto client library underneath
  • Clear documentation of required credentials
  • No known security incidents or malicious behaviour

Red flags

  • Solo maintainer with limited public track record
  • Full write access to social graph: posts, follows, blocks, DMs
  • Git-based install rather than stable package registry (v0.1)
  • App password stored in env vars grants complete account access
  • Early version (0.1) suggests immature codebase

Permissions requested

Identity readIdentity writeSend messagesRead messagesOutbound networkAccess secrets
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

uvx --from git+https://github.com/gwbischof/[email protected] bluesky-social-mcp
Env vars needed: BLUESKY_HANDLEBLUESKY_APP_PASSWORD

Review

Bluesky Social MCP gives Claude full control over your Bluesky account through the atproto client. It covers profiles, feeds, posts, follows, blocks, and all the social graph operations you'd expect from a proper API wrapper. The implementation is straightforward: authenticate with your handle and an app password, then you can automate posting, analyse your feed patterns, bulk-manage follows, or build personal brand workflows without touching the web UI. I'd reach for this when I'm scheduling content across time zones or need to analyse engagement patterns without manually scrolling. The feed analytics angle is particularly useful if you're trying to figure out what actually performs on Bluesky versus what you think performs. You can query your posts, pull metrics, and correlate them with posting times or content types. The follow management tools are solid for cleaning up your graph or identifying accounts that match specific criteria. The quirks are minimal but worth noting. You're authenticating with an app password, not OAuth, which means you need to generate one from Bluesky's settings first. The server doesn't abstract away atproto's data model, so you'll see references to DIDs and ATProto URIs if you dig into the responses. That's fine if you know Bluesky's architecture, but it's not beginner-friendly if you're expecting Twitter-style simplicity. This is a community server, so expect the occasional rough edge. The repo is young (v0.1 at time of writing), and the documentation assumes you know what you're doing with MCP servers generally. If you're already automating social media workflows or building tools that need programmatic Bluesky access, this is the cleanest path I've seen. If you just want to post occasionally, the web interface is faster. Skip this if you're not comfortable with API-level social media operations or if you're looking for a no-code solution. The value here is in automation and bulk operations, not in making simple tasks simpler.
Verdict

Install if you're automating Bluesky workflows, analysing your feed programmatically, or managing follows at scale. Skip if you're after a simpler posting interface or don't need API-level control. The implementation is clean, but it assumes you know why you need it.

Good at

  • Full atproto coverage means you can automate nearly every Bluesky operation without manual intervention.
  • Feed analytics and engagement tracking work well for understanding what content performs.
  • Follow management tools handle bulk operations cleanly, useful for pruning or discovering accounts.
  • App password authentication is simpler than OAuth for personal automation workflows.

Watch out

  • Documentation assumes familiarity with MCP servers and atproto's data model.
  • Early version (v0.1) means expect occasional gaps or undocumented edge cases.
  • No OAuth flow, so you're managing app passwords manually.
  • Rate limits are inherited from atproto with no built-in throttling or retry logic.

Use cases

  • social posting automation
  • feed analytics
  • follow management
  • personal brand workflows

Getting started

1. Generate an app password from your Bluesky account settings (not your main password). 2. Run `uvx --from git+https://github.com/gwbischof/[email protected] bluesky-social-mcp` to install. 3. Add the server to your Claude Desktop config with `BLUESKY_HANDLE` and `BLUESKY_APP_PASSWORD` environment variables. 4. Restart Claude and verify by asking it to fetch your Bluesky profile or recent posts. 5. Watch out for rate limits if you're bulk-querying feeds or follows, atproto enforces them at the protocol level.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs