mcp-github-client
Verified Safeby 0xgordian
Overview
This server integrates the GitHub REST API as a Model Context Protocol (MCP) tool, enabling interactive access to GitHub repositories, issues, and code search for AI models.
Installation
npm startEnvironment Variables
- GITHUB_USERNAME
- GITHUB_TOKEN
Security Notes
The server primarily reads environment variables for sensitive data (GITHUB_TOKEN) rather than hardcoding. It uses `path.join` and SHA256 hashing for cache file paths, mitigating directory traversal risks. No `eval` or obvious dynamic code execution from untrusted input is present. The `undici` library is used for network requests, which is a modern, secure HTTP/1.1 and HTTP/2 client. Input arguments for tools are used to construct GitHub API queries; while GitHub itself is expected to sanitize queries, the client code does not add explicit sanitization beyond what the GitHub API expects for its query parameters. This is generally acceptable for a tool client.
Similar Servers
frontmcp
The CodeCall plugin provides AgentScript-based meta-tools for orchestrating MCP tools, enabling programmatic discovery, description, execution, and invocation of server capabilities within a sandboxed JavaScript environment.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
gh-mcp
A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.
workshop-mcp-servers
Demonstrates building Model Context Protocol (MCP) servers in TypeScript and Java for integrating with developer platforms and services like GitHub, specifically for a workshop using Visual Studio Code and GitHub Copilot.