gh_mcp_server
gh_mcp_server is a Spring Boot-based MCP (Model Context Protocol) server that exposes GitHub CLI (gh) operations as MCP tools. It runs as a local STDIO MCP server and performs GitHub tasks (repos, issues, pull requests, workflows, releases, files, and user info) by invoking the authenticated `gh` CLI and returning JSON results.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Runs locally as an MCP STDIO server and delegates auth to `gh` CLI. README does not describe TLS/network exposure (TLS likely irrelevant for STDIO). Capability granularity is limited to whatever permissions `gh` holds (no explicit per-tool scopes described). Since it uses `ProcessBuilder`/command execution with timeout support is mentioned, injection risk depends on how arguments are constructed—details are not provided in README. Secrets are presumably handled by `gh`/environment; README does not indicate logging of secrets, but does not document secret redaction behavior.
⚡ Reliability
Best When
You want a lightweight local MCP integration with GitHub powered by the existing, user-authenticated GitHub CLI, especially when avoiding Docker or a separate hosted GitHub MCP service.
Avoid When
You need guaranteed idempotency for write operations, very explicit rate-limit/429 guidance, or a security model that limits capabilities per request beyond what the underlying `gh` auth allows.
Use Cases
- • Build an MCP client workflow that can list/search repositories
- • Automate issue lifecycle tasks (list/create/close/comment/edit) via an AI assistant
- • Automate pull request tasks (list/get/create/merge/close/comment) via an AI assistant
- • Inspect CI/workflows and workflow runs
- • Manage releases (list/get/create)
- • Fetch repository file contents and commit history
- • Retrieve the authenticated GitHub user details
Not For
- • Production-grade, multi-tenant hosted use without additional hardening (because it shells out to `gh` on the host)
- • Use cases requiring strict least-privilege OAuth scopes beyond what `gh` authentication already provides
- • Teams that need strong, documented MCP tool schemas/typing beyond what’s described in README
Interface
Authentication
Authentication is delegated to the local `gh` CLI. As described, the server relies on whatever credentials/permissions the user already configured for `gh`.
Pricing
No pricing information provided (appears to be a self-hosted MIT-licensed tool).
Agent Metadata
Known Gotchas
- ⚠ Write operations (create/merge/close/edit) are not described as idempotent; agents may need to deduplicate intent on their side.
- ⚠ The server shells out to `gh`; timeouts can occur on slow networks/large repos (README mentions 30s default per operation).
- ⚠ Rate limiting is handled by GitHub CLI automatically, but the MCP-layer guidance on 429/backoff behavior is not clearly documented.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for gh_mcp_server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.