GitHub MCP Server

GitHub's official MCP server that gives AI agents full access to GitHub's platform: repositories, issues, pull requests, Actions workflows, code security findings, Dependabot alerts, discussions, and notifications. Available as a hosted remote server or self-hosted Docker container.

Evaluated Mar 06, 2026 (0d ago) vunknown
Homepage ↗ Repo ↗ Developer Tools github mcp-server git pull-requests issues actions code-review dependabot official go
⚙ Agent Friendliness
87
/ 100
Can an agent use this?
🔒 Security
89
/ 100
Is it safe for agents?
⚡ Reliability
88
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
90
Documentation
88
Error Messages
75
Auth Simplicity
82
Rate Limits
88

🔒 Security

TLS Enforcement
100
Auth Strength
88
Scope Granularity
90
Dep. Hygiene
82
Secret Handling
85

Fine-grained PATs allow per-repository, per-permission scoping. GitHub App auth provides installation-level isolation. Token never appears in MCP tool responses. MIT licensed open source.

⚡ Reliability

Uptime/SLA
90
Version Stability
88
Breaking Changes
85
Error Recovery
88
AF Security Reliability

Best When

An agent needs deep GitHub integration for code review, issue management, PR automation, or CI/CD monitoring across one or more repositories.

Avoid When

You use a non-GitHub VCS, or you only need basic git operations that don't require the GitHub API.

Use Cases

  • AI-assisted code review and pull request management
  • Automated issue triage and bug analysis with natural language
  • Monitoring and debugging GitHub Actions workflow failures
  • Codebase exploration and security finding analysis across repositories
  • Managing releases, notifications, and project boards through AI agents

Not For

  • Non-GitHub repositories (GitLab, Bitbucket, etc.)
  • Direct code execution or deployment beyond GitHub Actions
  • Managing GitHub billing or organization-level admin settings

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: oauth personal_access_token
OAuth: Yes Scopes: Yes

Remote server supports OAuth (recommended) or PAT. Local server requires PAT via GITHUB_PERSONAL_ACCESS_TOKEN env var. Enterprise Server requires local deployment with custom GITHUB_HOST. Recommended PAT scopes: repo, read:packages, read:org.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed. Remote hosted server provided free by GitHub. GitHub API rate limits apply (5000 req/hr for authenticated users).

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • GitHub API rate limits (5000/hr) can be exhausted quickly with aggressive agent usage
  • PAT scope must match intended operations - insufficient scopes produce opaque permission errors
  • Enterprise Server requires local Docker deployment, remote server is GitHub.com and GHE Cloud only
  • Toolset configuration is critical - exposing all tools can overwhelm agent tool selection
  • Environment variable support varies by MCP host (e.g., Windsurf requires hardcoded tokens)

Alternatives

GitLab MCP (if exists) Sourcegraph Cody Linear MCP Gitea

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for GitHub MCP Server.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5173
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered