lastfm-mcp
mcp
Uyari
Health Gecti
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 33 GitHub stars
Code Uyari
- process.env — Environment variable access in .github/workflows/elezea-release-post.yml
- network request — Outbound network request in .github/workflows/elezea-release-post.yml
Permissions Gecti
- Permissions — No dangerous permissions requested
Purpose
This MCP server acts as a bridge between AI assistants (like Claude) and the Last.fm API, enabling users to query public music data, their personal listening history, and recommendations.
Security Assessment
Overall Risk: Medium. The server relies on a standard OAuth 2.0 flow to access a user's private Last.fm listening history, which is expected for this functionality, but requires user consent for sensitive data. It operates as a remote server on Cloudflare Workers, meaning it does not run locally or execute arbitrary shell commands on your machine. A code scan flagged outbound network requests and environment variable usage, but these are safely isolated within an automated GitHub Actions workflow for releases, not in the core application logic. There are no hardcoded secrets, and the tool does not request dangerous local system permissions.
Quality Assessment
The project appears to be actively maintained with recent repository updates. It is backed by a permissive MIT license, making it highly accessible for developers. It shows solid community trust for a niche integration, having earned 33 GitHub stars. The documentation is clean, clearly outlining available tools, authentication requirements, and setup instructions across multiple AI clients.
Verdict
Safe to use.
This MCP server acts as a bridge between AI assistants (like Claude) and the Last.fm API, enabling users to query public music data, their personal listening history, and recommendations.
Security Assessment
Overall Risk: Medium. The server relies on a standard OAuth 2.0 flow to access a user's private Last.fm listening history, which is expected for this functionality, but requires user consent for sensitive data. It operates as a remote server on Cloudflare Workers, meaning it does not run locally or execute arbitrary shell commands on your machine. A code scan flagged outbound network requests and environment variable usage, but these are safely isolated within an automated GitHub Actions workflow for releases, not in the core application logic. There are no hardcoded secrets, and the tool does not request dangerous local system permissions.
Quality Assessment
The project appears to be actively maintained with recent repository updates. It is backed by a permissive MIT license, making it highly accessible for developers. It shows solid community trust for a niche integration, having earned 33 GitHub stars. The documentation is clean, clearly outlining available tools, authentication requirements, and setup instructions across multiple AI clients.
Verdict
Safe to use.
An MCP server that provides seamless access to a user's Last.fm listening data and music information via AI assistants like Claude.
README.md
Last.fm MCP Server
A Model Context Protocol (MCP) server for Last.fm. Gives AI assistants access to your listening history, music discovery, and detailed track/artist/album information.
Runs on Cloudflare Workers with OAuth 2.0 authentication. Public tools (track info, artist info, similar artists) work without signing in -- connect your Last.fm account to access personal listening data.
Quick start
Claude.ai / Claude Desktop
- Open Settings -> Connectors -> Add Custom Connector
- Enter
https://lastfm-mcp.com/mcp - Sign in to Last.fm when prompted
Claude Code
claude mcp add --transport http lastfm "https://lastfm-mcp.com/mcp"
Windsurf
Add to ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"lastfm": {
"serverUrl": "https://lastfm-mcp.com/mcp"
}
}
}
Other MCP clients
For clients that don't support remote servers directly (Continue.dev, Zed, etc.), use mcp-remote:
{
"mcpServers": {
"lastfm": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://lastfm-mcp.com/mcp"]
}
}
}
MCP Inspector
npx @modelcontextprotocol/inspector https://lastfm-mcp.com/mcp
Authentication
The server uses OAuth 2.0. When you connect from a supported client, your browser opens to Last.fm to authorize access. Tokens persist across sessions.
Public tools work without signing in. You only need to connect your account for personal listening data.
Available tools
Public tools
| Tool | Description |
|---|---|
get_track_info |
Detailed information about a track |
get_artist_info |
Artist information and bio |
get_album_info |
Album details and track listing |
get_similar_artists |
Artists similar to a given artist |
get_similar_tracks |
Tracks similar to a given track |
ping |
Test connectivity |
server_info |
Server status and capabilities |
lastfm_auth_status |
Check authentication status |
Personal tools (requires sign-in)
| Tool | Description |
|---|---|
get_recent_tracks |
Recent listening history (paginated) |
get_top_artists |
Top artists by time period |
get_top_albums |
Top albums by time period |
get_loved_tracks |
Loved/favorited tracks |
get_user_info |
Last.fm profile information |
get_listening_stats |
Listening statistics |
get_music_recommendations |
Personalized recommendations |
Temporal queries (requires sign-in)
| Tool | Description |
|---|---|
get_weekly_chart_list |
Available historical time periods |
get_weekly_artist_chart |
Artist charts for a specific time period |
get_weekly_track_chart |
Track charts for a specific time period |
Good for questions like "when did I start listening to Led Zeppelin?" or "what was I into last March?"
Resources
The server exposes MCP resource URIs:
lastfm://user/{username}/recent # Recent tracks
lastfm://user/{username}/top-artists # Top artists
lastfm://user/{username}/top-albums # Top albums
lastfm://user/{username}/loved # Loved tracks
lastfm://user/{username}/profile # User profile
lastfm://track/{artist}/{track} # Track info
lastfm://artist/{artist} # Artist info
lastfm://album/{artist}/{album} # Album info
lastfm://artist/{artist}/similar # Similar artists
lastfm://track/{artist}/{track}/similar # Similar tracks
Prompts
| Prompt | Description | Arguments |
|---|---|---|
listening_insights |
Analyze listening habits and patterns | username, period? |
music_discovery |
Discover music based on listening history | username, genre? |
track_analysis |
Detailed analysis of a track | artist, track |
album_analysis |
Detailed analysis of an album | artist, album |
artist_analysis |
Detailed analysis of an artist | artist |
listening_habits |
Summarize listening habits | username, timeframe? |
Development
Prerequisites
- Node.js 18+
- Cloudflare Workers account
- Last.fm API key (create one here)
Local setup
git clone https://github.com/rianvdm/lastfm-mcp.git
cd lastfm-mcp
npm install
Create .dev.vars:
LASTFM_API_KEY=your_api_key
LASTFM_SHARED_SECRET=your_shared_secret
JWT_SECRET=your_jwt_secret
npm run dev
Test with the inspector:
npx @modelcontextprotocol/inspector http://localhost:8787/mcp
Deployment
Set production secrets:
echo "your_api_key" | wrangler secret put LASTFM_API_KEY --env production
echo "your_shared_secret" | wrangler secret put LASTFM_SHARED_SECRET --env production
echo "your_jwt_secret" | wrangler secret put JWT_SECRET --env production
Deploy:
npm run deploy:prod
Testing
npm test
npm run typecheck
npm run lint
Architecture
- Runtime: Cloudflare Workers
- Protocol: MCP (streamable HTTP)
- Auth: OAuth 2.0 (RFC 9728)
- Storage: Cloudflare KV for sessions, tokens, and caching
- API: Last.fm Web API v2.0
Endpoints
| Endpoint | Purpose |
|---|---|
/mcp |
MCP JSON-RPC endpoint |
/authorize |
OAuth 2.0 authorization |
/.well-known/oauth-authorization-server |
OAuth server metadata |
/.well-known/oauth-protected-resource |
OAuth resource metadata |
Contributing
- Fork the repo
- Create a feature branch
- Commit your changes
- Open a pull request
License
MIT
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi