Search for content within a music service. WARNING: Requires authentication for most services. Will return errors if the service requires DeviceLink or AppLink authentication and the user has not linked their account in the Sonos app. Prefer sonos_get_favorite_radio_stations for radio content.
AI agents call sonos_search_music_service to retrieve information from Sonos Ts without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool retrieves or queries music service content without modifying any data. The authentication warning and potential errors are access control concerns, not indicators of write, execute, or destructive capabilities. The tool fits the Read category: it searches and returns music content matching the 'search' pattern of retrieving data with no side effects.
From the tool's definition Tool searches for content within a music service and returns results. The description explicitly states it 'returns errors' rather than creating, modifying, or deleting data. No side effects are mentioned beyond querying a music service.
Documented attack patterns abuse exactly the kind of access sonos_search_music_service gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Sonos Ts, and nothing reaches the server without passing your rules. This is the rule we recommend for sonos_search_music_service:
{
"version": "1",
"default": "deny",
"tools": {
"sonos_search_music_service": {}
}
}sonos_search_music_service is read-only, so it stays allowed — but everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Search for content within a music service. WARNING: Requires authentication for most services. Will return errors if the service requires DeviceLink or AppLink authentication and the user has not linked their account in the Sonos app. Prefer sonos_get_favorite_radio_stations for radio content. It is categorised as a Read tool in the Sonos Ts MCP Server, which means it retrieves data without modifying state.
Register the Sonos Ts MCP server in PolicyLayer and add a rule for sonos_search_music_service: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Sonos Ts. Nothing to install.
sonos_search_music_service is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the sonos_search_music_service rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for sonos_search_music_service. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
sonos_search_music_service is provided by the Sonos Ts MCP server (tommertom/sonos-ts-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Sonos Ts, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
60 Sonos Ts tools catalogued and risk-classified — across an index of 43,000+ MCP servers.