Delv
Community · Active · 10d · 4.3 · by marcelmarais

Spotify MCP

Controls Spotify playback, searches music, and manages playlists via OAuth, requiring a Spotify Premium account.

Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-18

  • Maintainer: 45
  • Permissions: 75
  • Supply chain: 40
  • Transparency: 65
  • Incidents: 100

This community-built Spotify controller uses OAuth to manage playback and playlists through the official Spotify Web API. The maintainer appears to be a solo developer with limited GitHub activity, creating bus factor concerns. The server requires OAuth credentials (client ID, secret, redirect URI) which users must obtain from Spotify's developer dashboard. Permissions are reasonably scoped to music control operations via a legitimate API, though playlist management does involve write access. The supply chain is weak: no npm package exists, requiring users to clone and build from source with custom npm scripts. Documentation appears basic but functional. The OAuth flow mitigates some risk by keeping credentials user-controlled, but the manual build process and single maintainer reduce confidence. No security incidents are known. Suitable for users comfortable with OAuth setup and source builds, but lacks the polish and verification of packaged solutions.

Green flags

  • Uses official Spotify Web API with standard OAuth 2.0 flow
  • Scoped to music operations only, no filesystem or shell access
  • Open source repository allows code inspection
  • Requires user-controlled Spotify developer credentials
  • No known security incidents or malicious behaviour

Red flags

  • Solo maintainer with limited public GitHub activity
  • No npm package; requires manual clone and build from source
  • OAuth secrets stored in environment variables without key management
  • Sparse documentation on security best practices for credential handling
  • No apparent code review or security audit history

Permissions requested

Outbound network, Access secrets, Identity read, Identity write

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

`npm install && npm run build`

Env vars needed: SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET, SPOTIFY_REDIRECT_URI

Review

This MCP server hooks Claude into your Spotify account via OAuth, giving you proper playback control and playlist management without leaving your chat. It's not a read-only integration. You can pause, skip, queue tracks, create playlists, and ask what's currently playing. The authentication flow is standard OAuth, so you'll need to register a Spotify app and paste in client credentials. Premium account required, which is a hard gate for free-tier users.

I'd reach for this when I'm working in Claude Desktop and want to control music without context-switching. The Now Playing queries are genuinely useful if you're the sort who hears a track mid-flow and wants to save it or add it to a playlist without breaking focus. Playlist curation works well: you can ask Claude to create a playlist from a list of tracks or search results, and it'll handle the API calls. Music discovery is less impressive. The search works, but Claude's not going to recommend better tracks than Spotify's own algorithm. You're mostly using this for convenience, not insight.

Quirks: the OAuth setup is manual. You need to create a Spotify Developer app, whitelist a redirect URI, and drop credentials into environment variables. Not hard, but it's more friction than some MCP servers that just need an API key. The redirect URI defaults to localhost, which is fine for local dev but means you can't easily share configs across machines. Also, this is a community project from a single maintainer. It works, but don't expect enterprise-grade error handling or frequent updates.

Who shouldn't bother: anyone without Spotify Premium, anyone who doesn't use Claude Desktop regularly, or anyone who already has a keyboard-driven music workflow they're happy with. This is for people who live in Claude and want fewer interruptions, not for casual users who check in once a week.

Verdict

Install this if you're a Spotify Premium user who spends hours in Claude Desktop and hates alt-tabbing to control playback. Skip it if you're on the free tier, don't use Claude Desktop daily, or prefer dedicated music apps. It does one thing well: keeps your music workflow inside your AI assistant.

Good at

  • Proper OAuth authentication means no API key limits or token expiry headaches.
  • Playback control and playlist management work reliably without leaving Claude Desktop.
  • Now Playing queries are genuinely useful for capturing tracks mid-workflow.
  • Standard npm build process, no exotic dependencies.

Watch out

  • Requires Spotify Premium, which locks out free-tier users entirely.
  • Manual OAuth setup with redirect URI configuration adds friction compared to simpler MCP servers.
  • Community project from a single maintainer, so long-term support isn't guaranteed.
  • Music discovery features are basic. You're better off using Spotify's own recommendations.

Use cases

  • music playback control
  • playlist curation
  • Now Playing queries
  • music discovery

Getting started

1. Register a Spotify Developer app at developer.spotify.com, note your client ID and secret, and set the redirect URI to http://localhost:3000/callback.
2. Clone the repo, run `npm install && npm run build`, then set SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET, and SPOTIFY_REDIRECT_URI in your environment.
3. Add the server to your Claude Desktop config under mcpServers with the path to the built server and the three environment variables.
4. Restart Claude Desktop, then ask it to authenticate with Spotify. Follow the OAuth flow in your browser.
5. Test by asking Claude what's currently playing or to pause your music.

Watch out: if the redirect URI doesn't match exactly, authentication will fail silently.
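
A preflight check for the setup above, added here as an example and not part of the Spotify MCP repository: it confirms the three variables are set and that the redirect URI is character for character the one registered, which is the mismatch the page says fails silently. `checkSpotifyEnv` is a hypothetical helper, and treating "match exactly" as a plain string comparison is an assumption.

```javascript
// Added example (not the project's code): validate the three variables this page lists.
const REQUIRED = ["SPOTIFY_CLIENT_ID", "SPOTIFY_CLIENT_SECRET", "SPOTIFY_REDIRECT_URI"];
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Hypothetical helper. `registeredUri` is the redirect URI exactly as saved in the
// Spotify developer dashboard. Values are never echoed, so the secret stays out of logs.
function checkSpotifyEnv(env, registeredUri) {
  const problems = [];
  for (const name of REQUIRED) {
    const value = env[name];
    if (typeof value !== "string" || value.trim() === "") {
      problems.push(`${name} is not set`);
    } else if (value !== value.trim()) {
      problems.push(`${name} has leading or trailing whitespace`);
    }
  }

  const uri = env.SPOTIFY_REDIRECT_URI;
  if (typeof uri !== "string" || uri.trim() === "") return problems;

  let parsed;
  try {
    parsed = new URL(uri.trim());
  } catch {
    problems.push("SPOTIFY_REDIRECT_URI is not a valid absolute URL");
    return problems;
  }
  // Plain http is only acceptable for a loopback listener on this machine.
  if (parsed.protocol === "http:" && !LOOPBACK.has(parsed.hostname)) {
    problems.push("SPOTIFY_REDIRECT_URI uses plain http for a non-loopback host");
  }
  // Assumption: the match is byte for byte, so compare raw strings first.
  if (uri !== registeredUri) {
    let sameAfterNormalising = false;
    try { sameAfterNormalising = new URL(registeredUri).href === parsed.href; } catch {}
    problems.push(sameAfterNormalising
      ? "SPOTIFY_REDIRECT_URI differs from the registered URI only in form (case, whitespace or default port)"
      : "SPOTIFY_REDIRECT_URI is not the registered URI");
  }
  return problems;
}

// Check the current environment against the URI from step 1.
const found = checkSpotifyEnv(process.env, "http://localhost:3000/callback");
console.log(found.length ? found.join("\n") : "environment looks consistent");
```
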

Works with

Claude Desktop, Claude Code, Cursor
