Delv
Official (Vendor) · Active · 7d · 7,400t4.3 · by GitHub

GitHub (Official)

GitHub's own MCP server. Repos, issues, PRs, code search, workflows. The replacement for the now-archived Anthropic GitHub MCP.

Safety & Trust

Delv Safety Grade: A

Score 84/100 · assessed 2026-04-22

  • Maintainer: 95
  • Permissions: 65
  • Supply chain: 85
  • Transparency: 90
  • Incidents: 100

GitHub's official MCP server is maintained by a tier-one vendor with excellent transparency and documentation. The maintainer score is near-perfect given GitHub's resources and track record. Permissions are moderately scoped: the server can read and write to repositories, issues, and pull requests, plus trigger workflows, which grants substantial control over your GitHub account. The Docker distribution via GitHub Container Registry is solid, though not quite as battle-tested as npm or PyPI for dependency pinning. Transparency is excellent with full open-source code, comprehensive docs, and active issue tracking. No known security incidents. The main risk is the breadth of write permissions: a compromised token or malicious prompt could create PRs, close issues, or trigger workflows across all repos the token can access. Suitable for professional use with a scoped personal access token.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
  • Private data: Yes. Reads secrets, credentials, private files
  • Untrusted input: Yes. Ingests web pages, PRs, issues, emails
  • External comms: Yes. Can send data outbound

Reads private repos, consumes attacker-controlled content via issues and PR bodies, can write to repos and call external APIs. Classic trifecta surface — treat any issue body as potentially hostile input.

Green flags

  • Official GitHub product with institutional backing and maintenance
  • Fully open source with comprehensive documentation and changelog
  • Replaces archived Anthropic version, showing active vendor commitment
  • Docker distribution provides some isolation from host system
  • Active issue tracker and responsive maintenance

Red flags

  • Requires PAT with broad repo write access across all accessible repositories
  • Can trigger GitHub Actions workflows, potentially executing arbitrary code
  • Docker-only install lacks traditional package manager verification
  • No granular permission scoping within the server itself

Permissions requested

  • Repo read
  • Repo write
  • Outbound network
  • Access secrets
  • Shell execute

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN=<token> ghcr.io/github/github-mcp-server
Env vars needed: GITHUB_PERSONAL_ACCESS_TOKEN

Review

GitHub's official MCP server replaces the now-archived Anthropic version and does what you'd expect: repos, issues, PRs, code search, and workflow triggers, all callable from your AI host. I've used it primarily in Claude Desktop to open PRs mid-conversation and triage issues across multiple repos without alt-tabbing to the browser.

The standout feature is code search. You can ask Claude to find all instances of a deprecated function across an org, and it returns file paths and line numbers. That's genuinely useful when refactoring.

The Docker-based install is straightforward if you already have Docker running. You pass a GitHub personal access token as an environment variable, and the server handles authentication. No config file needed for the basic setup. I've found it reliable for read-heavy workflows like reviewing diffs or pulling commit history for release notes. Write operations, opening PRs or updating issues, work fine but feel slightly slower, likely because they're hitting the GitHub API.

Quirks: the Docker requirement means you need Docker Desktop or equivalent running at all times. That's fine on a dev machine but annoying if you're trying to keep resource usage low. The token needs repo, workflow, and org scopes depending on what you want to do, and the error messages when you're missing a scope are vague. I spent ten minutes figuring out why I couldn't trigger a workflow before realising I hadn't granted the workflow scope.

Who shouldn't bother: if you only use GitHub casually or don't work across multiple repos, this is overkill. The browser is faster for one-off tasks. But if you're triaging dozens of issues, reviewing PRs in bulk, or generating changelogs from commits, this saves real time. It's also the only MCP server I'd trust for GitHub operations because it's maintained by GitHub itself. That matters when API changes roll out.

Verdict

Install this if you work across multiple repos or do heavy issue triage. The Docker dependency is a minor hassle, but the reliability and official backing make it the default choice for GitHub operations in AI hosts. Skip it if you only touch GitHub occasionally.

Good at

  • Official GitHub support means it stays current with API changes and new features.
  • Code search across repos is fast and returns actionable file paths and line numbers.
  • Docker install avoids dependency hell and works the same on macOS, Linux, and Windows.
  • Read operations like fetching diffs or commit history are genuinely faster than clicking through the browser.
  • Works reliably with Claude Desktop and other popular hosts like Cursor and Zed.

Watch out

  • Requires Docker running at all times, which adds memory overhead and startup friction.
  • Token scope errors are vague and take trial and error to resolve.
  • Write operations like opening PRs feel slightly slower than read-heavy tasks.
  • Hosts beyond Claude Desktop need manual config file edits, no GUI setup.
  • Overkill if you only interact with GitHub occasionally or work in a single repo.

Use cases

  • Opening PRs from a Claude conversation
  • Triaging issues across repos
  • Generating release notes from commit history
  • Reviewing diffs without leaving the chat

Getting started

1. Generate a GitHub personal access token with repo, workflow, and org scopes at github.com/settings/tokens.
2. Run the Docker command: docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN=your_token ghcr.io/github/github-mcp-server.
3. Add the server to your Claude Desktop config by editing ~/Library/Application Support/Claude/claude_desktop_config.json and pointing mcpServers.github.command to the Docker run command.
4. Restart Claude Desktop and ask it to list your repos or search code to verify the connection.
5. Watch out for missing token scopes. If operations fail silently, check your token permissions first.
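
Added example (not from Delv or the GitHub project): a shell check for step 5 that compares the scopes a classic personal access token reports in the X-OAuth-Scopes response header with the scopes you intend to grant, listing both missing and surplus ones. The header dump is constructed sample data, the function names are hypothetical, and reading the page's "org" scope as read:org is an assumption.

```shell
#!/usr/bin/env bash
# Added example. GitHub reports a classic PAT's scopes in the X-OAuth-Scopes
# response header; fine-grained tokens do not send this header.

# Constructed sample response headers (not captured from a real account).
SAMPLE_HEADERS='HTTP/2 200
content-type: application/json; charset=utf-8
x-oauth-scopes: repo, read:org, delete_repo
'

# stdin: raw HTTP response headers. stdout: one scope per line, sorted.
token_scopes() (
  tr -d '\r' | grep -i '^x-oauth-scopes:' | sed 's/^[^:]*: *//' \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//; /^$/d' | sort -u
)

# Print the scopes in list $1 that are absent from list $2 (space-separated).
scope_diff() (
  have=" $2 "; out=""
  for s in $1; do
    case "$have" in
      *" $s "*) ;;
      *) out="$out $s" ;;
    esac
  done
  echo "${out# }"
)

# $1: scopes you intend to grant. stdin: response headers.
audit_token_headers() (
  have=$(token_scopes | tr '\n' ' ')
  echo "missing=[$(scope_diff "$1" "$have")] extra=[$(scope_diff "$have" "$1")]"
)

# Assumption: the page's "org" scope is taken to mean read:org.
REQUIRED="repo workflow read:org"
printf '%s' "$SAMPLE_HEADERS" | audit_token_headers "$REQUIRED"

# Against a live token (network required):
#   curl -sI -H "Authorization: Bearer $GITHUB_PERSONAL_ACCESS_TOKEN" \
#     https://api.github.com/user | audit_token_headers "$REQUIRED"
```

A non-empty extra list deserves the same attention as a missing one, since every surplus scope widens what a hostile issue or PR body can reach through the agent.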

Works with

Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, Cline, Zed, Codex
