Your Spotify MCP Server

SECURITY.md•1.33 kB

# Security Policy ## Supported Versions | Version | Supported | | ------- | ------------------ | | 0.1.x | :white_check_mark: | ## Reporting a Vulnerability If you discover a security vulnerability, please report it responsibly: 1. **Do NOT** open a public issue 2. Email: pentafive@gmail.com 3. Include: - Description of the vulnerability - Steps to reproduce - Potential impact - Suggested fix (if any) ## Response Timeline - **Acknowledgment:** Within 48 hours - **Initial assessment:** Within 1 week - **Fix timeline:** Depends on severity ## Security Considerations ### API Tokens - Never commit tokens to version control - Use environment variables for all credentials - Tokens are stored locally only (STDIO transport) ### Data Handling - This MCP server runs locally on your machine - No data is sent to third parties - All API calls go directly to: - Your self-hosted Your Spotify instance - Official Spotify API (api.spotify.com) ### Network Security - MCP uses STDIO transport (no network exposure) - HTTPS for all external API calls - No listening ports opened ## Best Practices for Users 1. Keep your Your Spotify API token private 2. Use Spotify OAuth tokens with minimal required scopes 3. Don't share your `claude_desktop_config.json` publicly 4. Regularly rotate API tokens

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pentafive/your-spotify-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

SECURITY.md•1.33 kB