mcp-gh-pr-mini
Verified Safe
by y-hirakaw
Overview
A minimal Model Context Protocol (MCP) server for interacting with GitHub pull requests, supporting dual authentication (PAT or GitHub CLI).
Installation
npx mcp-gh-pr-mini
Environment Variables
- GITHUB_PERSONAL_ACCESS_TOKEN
- DEBUG
- LOG_LEVEL
Security Notes
The server demonstrates good security practices including explicit input validation using Zod for all MCP tool parameters, which significantly reduces the risk of injection vulnerabilities. It uses environment variables for sensitive data like GitHub Personal Access Tokens, avoiding hardcoding. The dual authentication system, while complex, appears to be securely implemented by abstracting underlying mechanisms (HTTPS fetch for PAT, `gh` CLI for CLI auth). Execution of external `gh` commands is performed via `child_process.spawn` with arguments carefully constructed from validated inputs, and data is passed via `stdin` for API calls, mitigating typical shell injection risks. There are no apparent uses of `eval` or deliberate obfuscation. Comprehensive error handling is in place.
Similar Servers
git-mcp-server
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
gh-mcp
A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.
BitbucketMcpServers
Provides Model Context Protocol (MCP) server functionality for integrating with Bitbucket Cloud repositories to perform operations like listing pull requests and retrieving their details.
poly-git-mcp
Provides Model Context Protocol (MCP) tools for AI assistants to manage Git repositories, issues, pull requests, and CI/CD across GitHub, GitLab, Gitea, and Bitbucket platforms.