github-mcp-read-only
Verified Safeby esinecan
Overview
A lightweight MCP server that provides read-only GitHub operations by wrapping the `gh` CLI, with structured and pruned JSON responses.
Installation
node dist/mcp/server.jsSecurity Notes
The server primarily relies on executing `gh` CLI commands using `child_process.exec`. While arguments are constructed internally and are not directly concatenated with raw user input, any vulnerability in the `gh` CLI itself or an unforeseen shell injection vector could pose a risk. The `exec` calls do not use `shell: true` with raw input, which mitigates some common injection attacks, but `gh` commands themselves can be complex. There are no obvious `eval` or obfuscation patterns. Prerequisites include `gh` CLI authentication, which uses existing user credentials.
Similar Servers
gh-mcp
A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.
tinystruct-mcp
A modular Java server providing a JSON-RPC interface for file system and Git/GitHub operations, aimed at automation and DevOps workflows.
mcp-maintainer-toolkit
This server provides a Model Context Protocol (MCP) interface with various tools and resources designed to assist in maintaining, testing, and developing MCP repositories and clients.
mcp-gh-pr-mini
A minimal Model Context Protocol (MCP) server for interacting with GitHub pull requests, supporting dual authentication (PAT or GitHub CLI).