Delv
Official (Anthropic) · Active · 12d · 4.7 · by Anthropic

GitHub

Full GitHub API access - manage repos, issues, PRs, and code search. One of the most useful MCPs for any developer workflow.

Safety & Trust

Delv Safety Grade: A

Score 84/100 · assessed 2026-04-22

  • Maintainer: 95
  • Permissions: 65
  • Supply chain: 90
  • Transparency: 92
  • Incidents: 100

This is Anthropic's official GitHub MCP server, maintained in their primary servers repository with excellent documentation and active development. It provides comprehensive GitHub API access including repository management, issue tracking, pull requests, and code search. The maintainer score is exceptional given Anthropic's backing and the monorepo structure with multiple contributors. Supply chain is solid via npm with standard installation. Transparency is excellent with full source visibility and clear documentation. The main safety consideration is the broad permission scope: a personal access token grants extensive write capabilities across repositories, issues, and pull requests. The token's scope depends entirely on what permissions the user grants when creating it, which could range from read-only to full admin access. There are no known security incidents. The risk profile is moderate due to the powerful write capabilities, but this is inherent to GitHub API functionality rather than a flaw in the server itself.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
  • Private data: Yes. Reads secrets, credentials, private files
  • Untrusted input: Yes. Ingests web pages, PRs, issues, emails
  • External comms: Yes. Can send data outbound

Same trifecta surface as the official server. Issues, PRs, and repo contents are mixed-trust.

Green flags

  • Official Anthropic server with active maintenance in primary monorepo
  • Published via npm with standard semver and package registry verification
  • Fully open source with comprehensive documentation and examples
  • Well-established tool widely used in developer workflows
  • Token permissions are user-controlled via GitHub's own token scoping

Red flags

  • Personal access token can have very broad GitHub permissions if misconfigured
  • Write access to repos, PRs, and issues means potential for destructive actions
  • Token compromise could allow unauthorized repository modifications
  • No built-in scope limiting beyond what user sets in GitHub token settings

Permissions requested

  • Outbound network
  • Access secrets
  • Repo read
  • Repo write
  • Identity read
  • Identity write

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @modelcontextprotocol/server-github
Paste into your host's MCP config:
{
  "github": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-github"],
    "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..." }
  }
}
Env vars needed: GITHUB_PERSONAL_ACCESS_TOKEN

Review

This is the MCP server I reach for most often. It wraps the entire GitHub API, so your AI can open pull requests, triage issues, search code across repos, and read commit history without you leaving the conversation. The setup is dead simple: generate a personal access token, drop it in your config, and you're done.

I use it constantly for two things. First, opening PRs directly from Claude Desktop after I've drafted changes in a separate editor. I describe what I changed, Claude reads the diff, writes a proper PR description with context, and opens it. Second, triaging issues. I'll ask Claude to pull the last 20 open issues from a repo, summarise the ones that need attention, and draft responses for the easy ones. It's faster than clicking through the GitHub UI, and the summaries are genuinely useful.

The code search is surprisingly good. You can ask it to find all uses of a function across multiple repos, or locate where a specific error message is thrown. It's not as fast as grep if you already have the repos cloned, but it's unbeatable when you're working across organisations or repos you don't have locally.

Quirks: it respects your token's permissions, so if you're working with private repos, make sure the token has the right scopes. The server doesn't cache anything, so repeated queries hit the API each time. That's fine for occasional use, but if you're running it in a loop, you'll burn through your rate limit.

Who shouldn't bother: if you never work with GitHub, obviously. Also, if you're only using it to read public repos, you might not need the full API. But for anyone who maintains projects, reviews PRs, or manages issues, this is one of the most immediately useful MCPs in the directory. It's the kind of tool that makes you wonder how you worked without it.

Verdict

Install this if you do any serious work on GitHub. It's one of the few MCPs that feels essential rather than experimental. Skip it only if you never touch repositories or prefer clicking through the web UI for everything.

Good at

  • Covers the entire GitHub API, so you can do almost anything you'd do in the web UI.
  • Opening PRs from conversation is genuinely faster than the browser workflow once you're used to it.
  • Cross-repo code search works well for finding patterns or tracking down references.
  • Official Anthropic server, so it's well-maintained and documented.
  • Setup is straightforward - one token, one config entry, done.

Watch out

  • No response caching, so repeated queries hit the API and burn rate limits.
  • Requires a personal access token with appropriate scopes, which some organisations restrict.
  • Hosts beyond Claude Desktop need manual config file editing.
  • Large repos with thousands of issues can produce overwhelming responses without careful prompting.

Use cases

  • Opening PRs from conversation
  • Triaging issues automatically
  • Cross-repo code search
  • Drafting release notes from commits

Getting started

1. Generate a GitHub personal access token at github.com/settings/tokens with repo and workflow scopes.
2. Run `npx -y @modelcontextprotocol/server-github` to install, then add the config snippet to your MCP host's settings file, replacing `ghp_...` with your actual token.
3. Restart your host (Claude Desktop, Cursor, etc.) and ask it to list your repositories or open issues from a specific repo to verify the connection.
4. Watch your API rate limits if you're making lots of requests in quick succession - the server doesn't cache responses.
5. If you're working with private repos, double-check your token has the correct organisation access.
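
Because step 2 leaves the token in plaintext in the host's config file, a quick audit of that file is worthwhile. The script below is an added example, not code from this page or from the server project: it reads an MCP config and reports which kind of GitHub token each server entry holds. The `mcpServers` wrapper key, the function names and the sample config are assumptions made for illustration.

```python
import json

# Documented GitHub token prefixes; checked in this order.
TOKEN_KINDS = (("github_pat_", "fine-grained"), ("ghp_", "classic"))

ADVICE = {
    "classic": "classic PAT in plaintext; its scopes apply to every repo the account can reach",
    "fine-grained": "fine-grained PAT in plaintext; confirm it is limited to selected repos",
    "unknown": "unrecognised value in token variable; verify what credential this is",
}


def classify_token(value):
    """Classify the string stored in GITHUB_PERSONAL_ACCESS_TOKEN."""
    if not value or value.endswith("..."):
        return "placeholder"  # e.g. the page's "ghp_..." stub
    for prefix, kind in TOKEN_KINDS:
        if value.startswith(prefix):
            return kind
    return "unknown"


def audit_mcp_config(text):
    """Return sorted (server, kind, advice) tuples for stored GitHub tokens."""
    config = json.loads(text)
    # Assumption: some hosts nest entries under "mcpServers"; the page's
    # snippet puts the server entry at the top level, so accept both.
    servers = config.get("mcpServers", config)
    findings = []
    for name, entry in servers.items():
        env = entry.get("env", {}) if isinstance(entry, dict) else {}
        kind = classify_token(env.get("GITHUB_PERSONAL_ACCESS_TOKEN", ""))
        if kind != "placeholder":
            findings.append((name, kind, ADVICE[kind]))
    return sorted(findings)


# Constructed sample config; the token values are fabricated filler, not real.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "github": {"command": "npx",
               "args": ["-y", "@modelcontextprotocol/server-github"],
               "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_" + "0" * 36}},
    "github-ro": {"env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "github_pat_" + "0" * 30}},
    "template": {"env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..."}},
}})

if __name__ == "__main__":
    for server, kind, advice in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {advice}")
```

The prefix only identifies the token type; the scopes or repository selection actually granted still have to be checked in GitHub's token settings.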

Works with

  • Claude Desktop
  • Claude Code
  • Cursor
  • Windsurf
  • Cline
  • Zed
  • Codex
