GitHub MCP Server
Scanned@BuddhaSource
npx machina-cli add skill @BuddhaSource/github-mcp --openclawGitHub MCP Server
Complete GitHub Integration for AI Agents
Connect AI agents to GitHub for repository management, code operations, issue tracking, pull requests, and the full GitHub API.
Why GitHub MCP?
🤖 Agent-Native GitHub Workflows
Enable agents to perform complex GitHub operations that previously required manual API integration:
- Clone and navigate repositories
- Read and modify files
- Create issues and pull requests
- Review code and discussions
- Manage branches and releases
🔐 Secure Authentication
OAuth-based authentication with fine-grained permissions. Agents access only what you authorize.
📦 Zero Setup for Common Operations
Pre-configured tools for the most common GitHub workflows. No manual API calls required.
Installation
Option 1: Official MCP Server (Archived - Community Maintained)
# Community-maintained GitHub MCP server
npm install -g @modelcontextprotocol/server-github
# Or build from source
git clone https://github.com/modelcontextprotocol/servers-archived
cd servers-archived/src/github
npm install
npm run build
Option 2: Third-Party Implementations
Several community implementations available. Check the MCP Registry for current options.
Configuration
Add to your MCP client config:
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
}
}
}
}
Get GitHub Token
- Go to https://github.com/settings/tokens
- Generate new token (classic) or fine-grained token
- Select scopes:
repo- Full repository accessread:user- Read user profileread:org- Read organization data (if needed)
Fine-Grained Token (recommended):
- Repository permissions: Contents (Read/Write), Issues (Read/Write), Pull Requests (Read/Write)
- Organization permissions: Members (Read) if accessing org repos
Available Tools
Repository Operations
1. Create Repository
Agent: "Create a new repository called 'my-project'"
2. Clone Repository
Agent: "Clone the OpenAI GPT-4 repository"
3. List Repository Files
Agent: "What files are in the src/ directory?"
File Operations
4. Read File
Agent: "Show me the README.md file"
Agent: "Read the contents of src/index.ts"
5. Create/Update File
Agent: "Create a new file docs/API.md with API documentation"
Agent: "Update the version in package.json to 2.0.0"
6. Search Code
Agent: "Search for files containing 'authentication logic'"
Agent: "Find where the DatabaseConnection class is defined"
Issue & PR Management
7. Create Issue
Agent: "Create an issue: 'Add dark mode support'"
8. List Issues
Agent: "Show me all open bugs"
Agent: "What issues are assigned to me?"
9. Create Pull Request
Agent: "Create a PR to merge feature/login into main"
10. Review Pull Request
Agent: "Review PR #42 and check for security issues"
Branch Operations
11. Create Branch
Agent: "Create a new branch called 'feature/user-auth'"
12. List Branches
Agent: "Show all branches in this repo"
13. Merge Branch
Agent: "Merge 'develop' into 'main'"
Advanced Operations
14. Create Release
Agent: "Create a release v2.0.0 with the latest changes"
15. Search Repositories
Agent: "Find popular React component libraries"
16. Fork Repository
Agent: "Fork the Vue.js repository to my account"
Agent Workflow Examples
Code Review Automation
Human: "Review all PRs and flag security issues"
Agent:
1. list_pull_requests(state="open")
2. For each PR:
- get_pull_request(pr_number)
- read_changed_files()
- analyze for security vulnerabilities
- create_review_comment(security_findings)
Issue Triage
Human: "Label all new issues with 'needs-triage'"
Agent:
1. list_issues(state="open", labels=null)
2. For each unlabeled issue:
- read_issue(issue_number)
- add_label("needs-triage")
Release Automation
Human: "Prepare v2.0.0 release"
Agent:
1. create_branch("release/v2.0.0")
2. update_file("package.json", version="2.0.0")
3. update_file("CHANGELOG.md", new_release_notes)
4. create_pull_request("release/v2.0.0" -> "main")
5. create_release(tag="v2.0.0", notes=changelog)
Documentation Sync
Human: "Update documentation from code comments"
Agent:
1. search_code(query="* @description")
2. extract_docstrings()
3. generate_markdown_docs()
4. update_file("docs/API.md", generated_docs)
5. create_pull_request("Update API documentation")
Use Cases
🛠️ Development Assistants
Agents that help developers with repetitive GitHub tasks: creating issues, managing labels, updating documentation, code review.
🤖 CI/CD Automation
Build agents that trigger workflows, check build status, create releases, manage deployments.
📊 Repository Analytics
Analyze code quality, track issue resolution time, monitor PR velocity, generate reports.
🔍 Code Search & Discovery
Find code patterns, identify dependencies, discover similar implementations, locate technical debt.
📝 Documentation Automation
Sync code comments to docs, generate API references, update changelogs, maintain README files.
Security Best Practices
✅ Use Fine-Grained Tokens
Prefer fine-grained tokens over classic PATs. Limit scope to specific repositories and permissions.
✅ Read-Only When Possible
If the agent only needs to read code/issues, grant read-only access.
✅ Environment Variables
Never hard-code tokens. Always use environment variables.
✅ Token Rotation
Rotate tokens regularly. Set expiration dates.
✅ Audit Agent Actions
Monitor what the agent does. GitHub activity log tracks all API operations.
Rate Limits
Authenticated Requests:
- 5,000 requests/hour (per user)
- Search API: 30 requests/minute
Best Practices:
- Cache repository data when possible
- Batch operations where applicable
- Use conditional requests (
If-None-Matchheaders)
vs Manual GitHub API Integration
| Task | Manual API | GitHub MCP |
|---|---|---|
| Setup Time | Hours (auth, SDK, error handling) | Minutes (config file) |
| Code Required | Yes (HTTP client, auth, parsing) | No (MCP tools auto-discovered) |
| Agent Integration | Manual tool definitions | Automatic via MCP |
| Auth Management | Custom implementation | Built-in OAuth flow |
| Error Handling | Custom retry logic | Handled by server |
Troubleshooting
"Bad credentials" Error
- Verify token has not expired
- Ensure token has required scopes (
repo,read:user) - Check token is correctly set in environment variable
"Resource not found" Error
- Verify repository name format:
owner/repo - Check agent has access to private repositories (if applicable)
- Ensure branch/file path exists
Rate Limit Errors
- Wait for rate limit reset (check
X-RateLimit-Resetheader) - Reduce query frequency
- Consider GitHub Apps for higher limits
Resources
- MCP Registry: https://registry.modelcontextprotocol.io/
- GitHub API Docs: https://docs.github.com/en/rest
- Create Token: https://github.com/settings/tokens
- Rate Limits: https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api
Advanced Configuration
{
"mcpServers": {
"github": {
"command": "node",
"args": ["/path/to/github-mcp/build/index.js"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx",
"GITHUB_API_URL": "https://api.github.com",
"DEFAULT_BRANCH": "main",
"AUTO_PAGINATION": "true"
}
}
}
}
The GitHub integration every coding agent needs: From code review to release automation, GitHub MCP brings the full power of GitHub to AI agents.
Overview
GitHub MCP Server connects AI agents to GitHub for repository management, file operations, issue/PR tracking, branch management, and full API interaction. It enables agents to clone repos, read and modify files, manage issues and pull requests, and automate GitHub workflows without manual API calls. This is essential for development workflows, code review automation, CI/CD management, and repository operations.
How This Skill Works
The MCP server exposes GitHub capabilities as structured tools that agents invoke to perform clone, read/update files, manage issues and PRs, and handle branches and releases. It uses OAuth-based authentication with fine-grained permissions, so agents access only what you authorize. Pre-configured tools are provided to streamline common workflows and minimize direct API calls.
When to Use It
- When agents need to clone repositories and navigate codebases.
- When agents must read or modify files, search code, or inspect project structure.
- When automating issue creation, PR reviews, or discussions.
- When managing branches, merges, and release workflows.
- When you want zero-setup pre-configured tools for common GitHub workflows.
Quick Start
- Step 1: Install the MCP server for GitHub (npm install -g @modelcontextprotocol/server-github) or build from source.
- Step 2: Get a GitHub token with appropriate scopes (repo, read:user, read:org).
- Step 3: Add to your MCP client config using the GitHub MCP server settings (see Configuration section for the exact JSON).
Best Practices
- Use fine-grained tokens with the minimum required scopes (Contents, Issues, Pull Requests, etc.).
- Store tokens securely (e.g., environment variables) and avoid embedding them in code.
- Limit access to only the repositories and organizations you need.
- Test actions in a staging or non-production repository before production use.
- Regularly rotate tokens and review permissions and access.
Example Use Cases
- Clone the OpenAI GPT-4 repository.
- Read the contents of README.md in the repository.
- Create an issue: 'Add dark mode support'.
- Create a PR to merge feature/login into main.
- Merge the 'develop' branch into 'main'.
