MCP GitHub Server

v2025.4.6

GitHub (formerly Anthropic)

MCP | git | version-control | mcp | model-context-protocol
82
Strong
About This MCP

GitHub's official MCP server, successor to the archived Anthropic reference server. Open source (Go, MIT, 30,558 stars), distributed as a binary or Docker image, or available through the hosted remote at https://api.githubcopilot.com/mcp/ (GA 2025-09-04) with OAuth 2.1 + PKCE. Exposes 50+ tools in configurable toolsets, with a read-only mode. A known prompt-injection exfiltration risk (Invariant Labs, May 2025) calls for least-privilege tokens and one-repo sessions.

Last Evaluated: June 10, 2026

Trust Vector Analysis

Dimension Breakdown

🚀 Performance & Reliability
api reliability

API stability and uptime analysis

Evidence
GitHub API Documentation: Built on GitHub's reliable REST API with 99.9% uptime SLA
high | Verified: 2025-11-09
operation success rate

Operation success testing

Evidence
GitHub MCP Server (official): Actively maintained by GitHub; high success rate for repo operations, issues, and PR management across 50+ tools
high | Verified: 2026-06-10
rate limit handling

Rate limiting behavior testing

Evidence
GitHub Rate Limits: Respects GitHub rate limits (5000/hour authenticated, 60/hour unauthenticated)
medium | Verified: 2025-11-09
search accuracy

Search result quality assessment

Evidence
GitHub Search API: Powerful code and repository search capabilities
high | Verified: 2025-11-09
error recovery

Error handling testing

Evidence
MCP Implementation: Handles API errors gracefully with retry logic
medium | Verified: 2025-11-09
🛡️ Security
authentication security

Authentication mechanism review

Evidence
GitHub Personal Access Tokens: Uses GitHub PAT or OAuth for secure authentication
GitHub Changelog - Remote GitHub MCP Server GA: Hosted remote server (https://api.githubcopilot.com/mcp/) generally available with OAuth 2.1 + PKCE authorization
high | Verified: 2026-06-10
token exposure risk

Token security analysis

Evidence
MCP Security Model: Token stored locally but AI can perform any action within token scope
high | Verified: 2025-11-09
scope limitation

Permission scope testing

Evidence
GitHub Token Scopes: Supports granular permission scopes, but requires careful configuration
GitHub MCP Server (official): Official server adds configurable toolsets (tool scoping) and a read-only mode to limit the action surface
high | Verified: 2026-06-10
action auditability

Audit logging review

Evidence
GitHub Audit Log: All actions logged in GitHub's audit system
high | Verified: 2025-11-09
unauthorized action risk

Authorization boundary testing

Evidence
Security Analysis: AI can create PRs, issues, and modify repos within token permissions
Invariant Labs - GitHub MCP vulnerability: Architectural prompt-injection finding: a malicious public issue can steer the agent into exfiltrating private-repo data; mitigations are least-privilege tokens and one-repo sessions
high | Verified: 2026-06-10
🔒 Privacy & Compliance
code exposure

Data flow analysis

Evidence
MCP Data Flow: Repository code and metadata sent to LLM provider for analysis
high | Verified: 2025-11-09
sensitive data protection

Privacy controls assessment

Evidence
MCP Security Guidelines: No built-in secret detection; risk of exposing API keys or credentials in code
Invariant Labs - GitHub MCP vulnerability: Demonstrated private-repository data exfiltration via prompt injection from a malicious public issue when broad tokens are used
high | Verified: 2026-06-10
organization data control

Access control review

Evidence
GitHub Permissions: Access controlled by GitHub org permissions and token scopes
medium | Verified: 2025-11-09
third party data sharing

Data sharing analysis

Evidence
LLM Provider Policies: Repository data shared with LLM provider per their privacy policy
high | Verified: 2025-11-09
👁️ Trust & Transparency
documentation quality

Documentation completeness review

Evidence
MCP GitHub Docs: Comprehensive documentation with setup guides and API reference
high | Verified: 2025-11-09
operation visibility

Logging and traceability assessment

Evidence
MCP Protocol: All GitHub operations visible in MCP logs and GitHub audit trail
high | Verified: 2025-11-09
open source transparency

Source code review

Evidence
GitHub MCP Server (official): Fully open source Go implementation with MIT license; 30,558 GitHub stars
high | Verified: 2026-06-10
api coverage clarity

API documentation review

Evidence
GitHub MCP Server (official): 50+ tools documented and organized into configurable toolsets (repos, issues, PRs, actions, security, etc.)
high | Verified: 2026-06-10
⚙️ Operational Excellence
ease of setup

Setup complexity assessment

Evidence
MCP Setup Guide: Simple setup requiring only GitHub PAT configuration
GitHub Changelog - Remote GitHub MCP Server GA: Hosted remote endpoint removes local install entirely; local option ships as Go binary or Docker image
high | Verified: 2026-06-10
api performance

Performance benchmarking

Evidence
GitHub API Performance: Response times vary based on GitHub API load (typically 200-500ms)
medium | Verified: 2025-11-09
reliability

Uptime analysis

Evidence
GitHub Status: Depends on GitHub API uptime (historically >99.9%)
high | Verified: 2025-11-09
feature coverage

Feature completeness assessment

Evidence
GitHub MCP Server (official): 50+ tools in configurable toolsets covering repos, issues, PRs, actions, code security, and search; read-only mode supported
high | Verified: 2026-06-10
community adoption

Community activity analysis

Evidence
GitHub MCP Server (official): 30,558 GitHub stars; official GitHub maintenance with hosted remote generally available since 2025-09-04
high | Verified: 2026-06-10
Strengths
  • Comprehensive GitHub API coverage (repos, issues, PRs, search)
  • Built on reliable GitHub infrastructure with high uptime
  • Excellent for development workflows and code collaboration
  • Full operation auditability through GitHub's audit logs
  • Official GitHub-maintained open source server (Go, MIT, 30,558 stars)
  • Hosted remote option (OAuth 2.1 + PKCE) generally available since 2025-09-04
  • Configurable toolsets and read-only mode limit the action surface
Limitations
  • Repository code and metadata exposed to LLM provider APIs
  • Risk of unintended repository modifications or PR creation
  • No built-in secret detection or sensitive data filtering
  • Subject to GitHub API rate limits (5000 requests/hour)
  • Token scope misconfiguration can grant excessive permissions
  • Architectural prompt-injection risk: malicious public issues can drive private-repo data exfiltration (Invariant Labs, May 2025); mitigate with least-privilege tokens and one-repo sessions
Metadata
license: MIT
supported platforms: Windows, macOS, Linux, Hosted remote (https://api.githubcopilot.com/mcp/)
programming languages: Go
mcp version: 1.0
github repo: https://github.com/github/github-mcp-server
github stars: 30558
deprecated repo: https://github.com/modelcontextprotocol/servers-archived
api dependency: GitHub REST API v3
authentication: GitHub PAT (local) or OAuth 2.1 + PKCE (hosted remote)
remote endpoint: https://api.githubcopilot.com/mcp/
remote ga date: 2025-09-04
first release: 2024-11
maintained by: GitHub
status: Active - official GitHub server; archived Anthropic reference server superseded
transport types: stdio, streamable-http (hosted remote)
installation methods: Go binary, Docker, Hosted remote (no install)

Use Case Ratings

code generation

Excellent for AI-assisted development, PR creation, and code review workflows

customer support

Useful for creating support issues and tracking feature requests

content creation

Good for managing documentation and content in GitHub repos

data analysis

Useful for analyzing repository metrics, commit history, and issue data

research assistant

Excellent for researching codebases, finding examples, and tracking issues

legal compliance

Limited applicability; potential risk of exposing private repositories

healthcare

Low suitability due to risk of exposing sensitive code to LLM providers

financial analysis

Moderate risk; requires careful repository access controls

education

Great for teaching programming, managing assignments, and code review

creative writing

Useful for managing writing projects in GitHub, but not the primary use case