MCPVet
Clean
Check your own MCP server
Free · no signup · instant shareable report.
Environment variables (config / keys) 1
AI review
This is a legitimate Spotify MCP server that uses standard OAuth credentials for API access. No hidden instructions, prompt injection, or deceptive tool descriptions were found. The code only reads credentials from environment variables as expected for Spotify API authentication.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/spotify_mcp/spotify_api.py:14
CLIENT_ID = os.getenv("SPOTIFY_CLIENT_ID")
Scanning every extension your team installs?
Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.