github-mcp-server
Verified Safeby crypto-ninja
Overview
Automate comprehensive GitHub workflows including repository management, issue tracking, pull request operations, file management, and CI/CD monitoring, designed for AI-powered development teams with extreme token efficiency.
Installation
python -m github_mcpEnvironment Variables
- GITHUB_TOKEN
- GITHUB_APP_ID
- GITHUB_APP_INSTALLATION_ID
- GITHUB_APP_PRIVATE_KEY_PATH
- GITHUB_APP_PRIVATE_KEY
- GITHUB_AUTH_MODE
- MCP_WORKSPACE_ROOT
- GITHUB_API_BASE_URL
Security Notes
The Deno executor uses `new Function()` to run user-provided TypeScript code, which inherently carries security risks like access to the global scope. However, this is significantly mitigated by a robust `code-validator.ts` that blocks dangerous patterns (e.g., `eval()`, `Deno.run()`, `__proto__` access, dynamic `import()`) and the Deno runtime's limited permissions (`--allow-read`, `--allow-net`, no file write access for user code). The `--allow-run` permission is for spawning the Deno process by Python, not for user code. Still, a sophisticated attack on the validator could potentially lead to sandbox escape.
Similar Servers
github-mcp-server
Connects AI tools (agents, assistants, chatbots) directly to GitHub's platform, enabling natural language interactions for repository management, issue/PR automation, code analysis, and workflow automation.
octocode-mcp
Enables AI assistants to conduct deep, secure, and token-efficient code research across GitHub repositories by providing structured access and analysis tools.
gh-mcp
A GitHub CLI extension that runs the Model Context Protocol (MCP) server in a Docker container using existing `gh` authentication to provide GitHub context to AI models/agents.
tinystruct-mcp
This server provides a JSON-RPC interface for Git, GitHub API, and file system operations, intended for integration into DevOps, automation, and AI-driven workflows.