功能描述

GitHub MCP Server enables AI agents to manage repos, read/update files, handle issues/PRs, branches, and automate GitHub workflows via the API.

使用说明 (SKILL.md)

GitHub MCP Server

Name: GitHub MCP Server
Author: buddhasource

Complete GitHub Integration for AI Agents

Connect AI agents to GitHub for repository management, code operations, issue tracking, pull requests, and the full GitHub API.

Why GitHub MCP?

🤖 Agent-Native GitHub Workflows

Enable agents to perform complex GitHub operations that previously required manual API integration:

Clone and navigate repositories
Read and modify files
Create issues and pull requests
Review code and discussions
Manage branches and releases

🔐 Secure Authentication

OAuth-based authentication with fine-grained permissions. Agents access only what you authorize.

📦 Zero Setup for Common Operations

Pre-configured tools for the most common GitHub workflows. No manual API calls required.

Installation

Option 1: Official MCP Server (Archived - Community Maintained)

# Community-maintained GitHub MCP server
npm install -g @modelcontextprotocol/server-github

# Or build from source
git clone https://github.com/modelcontextprotocol/servers-archived
cd servers-archived/src/github
npm install
npm run build

Option 2: Third-Party Implementations

Several community implementations available. Check the MCP Registry for current options.

Configuration

Add to your MCP client config:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Get GitHub Token

Go to https://github.com/settings/tokens
Generate new token (classic) or fine-grained token
Select scopes:
- repo - Full repository access
- read:user - Read user profile
- read:org - Read organization data (if needed)

Fine-Grained Token (recommended):

Repository permissions: Contents (Read/Write), Issues (Read/Write), Pull Requests (Read/Write)
Organization permissions: Members (Read) if accessing org repos

Available Tools

Repository Operations

1. Create Repository

Agent: "Create a new repository called 'my-project'"

2. Clone Repository

Agent: "Clone the OpenAI GPT-4 repository"

3. List Repository Files

Agent: "What files are in the src/ directory?"

File Operations

4. Read File

Agent: "Show me the README.md file"
Agent: "Read the contents of src/index.ts"

5. Create/Update File

Agent: "Create a new file docs/API.md with API documentation"
Agent: "Update the version in package.json to 2.0.0"

6. Search Code

Agent: "Search for files containing 'authentication logic'"
Agent: "Find where the DatabaseConnection class is defined"

Issue & PR Management

7. Create Issue

Agent: "Create an issue: 'Add dark mode support'"

8. List Issues

Agent: "Show me all open bugs"
Agent: "What issues are assigned to me?"

9. Create Pull Request

Agent: "Create a PR to merge feature/login into main"

10. Review Pull Request

Agent: "Review PR #42 and check for security issues"

Branch Operations

11. Create Branch

Agent: "Create a new branch called 'feature/user-auth'"

12. List Branches

Agent: "Show all branches in this repo"

13. Merge Branch

Agent: "Merge 'develop' into 'main'"

Advanced Operations

14. Create Release

Agent: "Create a release v2.0.0 with the latest changes"

15. Search Repositories

Agent: "Find popular React component libraries"

16. Fork Repository

Agent: "Fork the Vue.js repository to my account"

Agent Workflow Examples

Code Review Automation

Human: "Review all PRs and flag security issues"

Agent:
1. list_pull_requests(state="open")
2. For each PR:
   - get_pull_request(pr_number)
   - read_changed_files()
   - analyze for security vulnerabilities
   - create_review_comment(security_findings)

Issue Triage

Human: "Label all new issues with 'needs-triage'"

Agent:
1. list_issues(state="open", labels=null)
2. For each unlabeled issue:
   - read_issue(issue_number)
   - add_label("needs-triage")

Release Automation

Human: "Prepare v2.0.0 release"

Agent:
1. create_branch("release/v2.0.0")
2. update_file("package.json", version="2.0.0")
3. update_file("CHANGELOG.md", new_release_notes)
4. create_pull_request("release/v2.0.0" -> "main")
5. create_release(tag="v2.0.0", notes=changelog)

Documentation Sync

Human: "Update documentation from code comments"

Agent:
1. search_code(query="* @description")
2. extract_docstrings()
3. generate_markdown_docs()
4. update_file("docs/API.md", generated_docs)
5. create_pull_request("Update API documentation")

Use Cases

🛠️ Development Assistants

Agents that help developers with repetitive GitHub tasks: creating issues, managing labels, updating documentation, code review.

🤖 CI/CD Automation

Build agents that trigger workflows, check build status, create releases, manage deployments.

📊 Repository Analytics

Analyze code quality, track issue resolution time, monitor PR velocity, generate reports.

🔍 Code Search & Discovery

Find code patterns, identify dependencies, discover similar implementations, locate technical debt.

📝 Documentation Automation

Sync code comments to docs, generate API references, update changelogs, maintain README files.

Security Best Practices

✅ Use Fine-Grained Tokens

Prefer fine-grained tokens over classic PATs. Limit scope to specific repositories and permissions.

✅ Read-Only When Possible

If the agent only needs to read code/issues, grant read-only access.

✅ Environment Variables

Never hard-code tokens. Always use environment variables.

✅ Token Rotation

Rotate tokens regularly. Set expiration dates.

✅ Audit Agent Actions

Monitor what the agent does. GitHub activity log tracks all API operations.

Rate Limits

Authenticated Requests:

5,000 requests/hour (per user)
Search API: 30 requests/minute

Best Practices:

Cache repository data when possible
Batch operations where applicable
Use conditional requests (If-None-Match headers)

vs Manual GitHub API Integration

Task	Manual API	GitHub MCP
Setup Time	Hours (auth, SDK, error handling)	Minutes (config file)
Code Required	Yes (HTTP client, auth, parsing)	No (MCP tools auto-discovered)
Agent Integration	Manual tool definitions	Automatic via MCP
Auth Management	Custom implementation	Built-in OAuth flow
Error Handling	Custom retry logic	Handled by server

Troubleshooting

"Bad credentials" Error

Verify token has not expired
Ensure token has required scopes (repo, read:user)
Check token is correctly set in environment variable

"Resource not found" Error

Verify repository name format: owner/repo
Check agent has access to private repositories (if applicable)
Ensure branch/file path exists

Rate Limit Errors

Wait for rate limit reset (check X-RateLimit-Reset header)
Reduce query frequency
Consider GitHub Apps for higher limits

Resources

MCP Registry: https://registry.modelcontextprotocol.io/
GitHub API Docs: https://docs.github.com/en/rest
Create Token: https://github.com/settings/tokens
Rate Limits: https://docs.github.com/en/rest/overview/rate-limits-for-the-rest-api

Advanced Configuration

{
  "mcpServers": {
    "github": {
      "command": "node",
      "args": ["/path/to/github-mcp/build/index.js"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx",
        "GITHUB_API_URL": "https://api.github.com",
        "DEFAULT_BRANCH": "main",
        "AUTO_PAGINATION": "true"
      }
    }
  }
}

The GitHub integration every coding agent needs: From code review to release automation, GitHub MCP brings the full power of GitHub to AI agents.

安全使用建议

This skill appears to do what it says (manage GitHub repos) but the registry metadata is incomplete: SKILL.md shows you must supply a GITHUB_PERSONAL_ACCESS_TOKEN (often with wide 'repo' scopes), yet the skill declares no required credentials. Before installing or using it: - Require the publisher to update metadata to list required env vars (e.g., GITHUB_PERSONAL_ACCESS_TOKEN) and to pin an install source/version. - Prefer a fine-grained GitHub token scoped only to the specific repos and permissions needed (Contents Read/Write, Issues/PRs only where necessary), and set an expiration. Avoid granting org-wide or full 'repo' scope when not needed. - Avoid running unpinned npx installs (-y) or global npm installs without auditing the package; prefer installing a specific, vetted release and review its source code. - Treat the token as sensitive: store it in a secrets manager or environment not accessible to other skills/agents. - If you do not want the agent to act autonomously, restrict the skill's invocation (disable autonomous invocation or require manual approval for actions that write/merge/create releases). What would change this assessment: metadata that declares the exact required env var(s), a pinned/official install source (GitHub release or verified npm package with version), and explicit recommendations for least-privilege token scopes would raise confidence toward 'benign'. Conversely, discovery of untrusted third-party install instructions, requests for unrelated credentials, or commands that read unrelated system files would lower confidence further.

功能分析

Type: OpenClaw Skill Name: github-mcp Version: 1.0.0 The skill bundle is classified as suspicious due to its requirement for a highly privileged GitHub Personal Access Token (PAT), potentially with 'repo' scope (full repository access), which grants extensive capabilities including reading, creating, and updating files across repositories. While these capabilities are necessary for the stated purpose of GitHub integration, they introduce a significant attack surface and high potential for misuse if the AI agent is compromised or given malicious instructions. The installation method using `npx -y` also carries a minor risk, though it points to an official package. The `SKILL.md` itself does not contain explicit prompt injection attempts or instructions for malicious actions, but the inherent power of the tools it enables makes it a high-risk component.

能力评估

⚠ Purpose & Capability

The name and description match the SKILL.md instructions (GitHub repo and issue/PR management). However, the registry metadata declares no primary credential or required env vars while the SKILL.md explicitly instructs the user to provide a GITHUB_PERSONAL_ACCESS_TOKEN (and recommends scopes such as repo/read:org). That omission is an inconsistency: a GitHub integration legitimately needs credentials, so the metadata should declare them.

✓ Instruction Scope

The runtime instructions themselves stay within the stated purpose: cloning repos, reading/updating files, creating issues/PRs, branch operations, and examples of workflows. The instructions do not ask agents to read unrelated system files or other credentials. They do, however, show example commands (npm install -g, git clone, npx) and configuration that will cause the agent to run external commands if followed.

ℹ Install Mechanism

This is an instruction-only skill (no install spec in registry), but the SKILL.md recommends installing @modelcontextprotocol/server-github via npm or building from a GitHub repo. Those sources are standard (GitHub/npm), not obviously malicious, but the registry's lack of an install spec means there's no pinned, auditable package/version; the use of 'npx -y' (runs remote code immediately) and unpinned installs increases risk unless the package and source are verified.

⚠ Credentials

The skill requires a GitHub token to operate, and the SKILL.md recommends broad scopes (e.g., repo full access). Yet requires.env in metadata is empty and primary credential is unset. Asking for full repo permissions is proportionate to many operations but should be explicit and minimized (fine-grained token limited to specific repos and scopes). The metadata omission prevents automated validation and is a meaningful gap.

ℹ Persistence & Privilege

The skill does not request always:true and has no declared config paths; that's appropriate. However, the platform default allows autonomous invocation. Combined with a GitHub token that grants write/merge/release rights, an autonomously-invoking agent could make destructive or sensitive changes. Consider adjusting invocation policies or token privileges accordingly.

版本历史

v1.0.0

Initial release: GitHub MCP integration for repository management, file operations, PR/issue tracking, and GitHub API access. Essential for development workflows and code automation.

元数据

Slug github-mcp

版本 1.0.0

许可证 —

累计安装 24

当前安装数 21

历史版本数 1

常见问题