github-mcp-server
Provides an MCP server (remote and local) that connects AI agents to GitHub so they can query repositories and code, manage issues/PRs, inspect GitHub Actions/workflows, and perform related automation through MCP toolsets.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Supports PAT and mentions minimum scopes and rotation; examples show using password=true inputs for tokens in host config. However, explicit guidance on rate limits, error handling, and operational security controls beyond token best practices/policies is limited in the provided excerpt. Dependency hygiene cannot be verified from the given content.
⚡ Reliability
Best When
You want AI agents to operate on GitHub context from within an MCP-capable host (e.g., VS Code, Claude Desktop) using either GitHub-hosted remote MCP or a locally run Docker/binary server.
Avoid When
You cannot securely manage a GitHub PAT/OAuth credentials or you cannot comply with the repository/policy requirements referenced by the project (policies-and-governance).
Use Cases
- • Repository browsing and code/file querying
- • Issue and pull request automation (create/update/manage)
- • GitHub Actions workflow run monitoring and build failure analysis
- • Codebase analysis including alerts/findings (e.g., Dependabot-related)
- • Team collaboration tasks such as discussions/notifications via GitHub context
Not For
- • Acting as a general-purpose GitHub automation bot without constrained toolsets/policies
- • Use cases requiring a pure REST/GraphQL API client library (this is primarily an MCP integration)
Interface
Authentication
Local server expects GITHUB_PERSONAL_ACCESS_TOKEN. Remote configuration examples show Authorization: Bearer ${input:github_mcp_pat}. Project also references policies/governance and notes about toolsets.
Pricing
No pricing details in provided README excerpt; remote uses GitHub-hosted endpoints and may depend on your GitHub/Copilot/host entitlements.
Agent Metadata
Known Gotchas
- ⚠ Operations that mutate GitHub state (issues/PRs/workflows releases) may be non-idempotent; agents should avoid accidental repeats without explicit idempotency handling.
- ⚠ Remote MCP availability depends on MCP-host support for remote MCP and OAuth/PAT flows.
- ⚠ Credential handling varies by host (some require hardcoded tokens); ensure secrets are not logged or committed.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for github-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.