Manage GitHub repos, collaboration workflows, and automation from one tool.
This MCP tool claims broad GitHub operation capabilities and can push local folders into repositories. While the material shows no separate secret requirement and no custom remote endpoint, and the source is open for audit, its normal functionality inherently involves code execution, local data access, and interaction with GitHub, so caution is warranted. No explicit high-risk red flags are evident from the provided material, but community adoption is low and maintenance status is unknown.
The material states there are no required keys/environment variables, but the claimed features include push, releases, issues, PRs, Actions, secrets, and security operations on GitHub, which normally require an existing GitHub login session or token-based authorization. If a high-privilege GitHub credential is used, there is a standard risk of misuse for repository writes, secret management, and account-level actions.
The material lists no remote endpoint host, but the claimed functionality inherently requires communication with GitHub services and may upload repository content, issue/PR text, release artifacts, or local folder contents. There is no clear evidence in the provided material that data is sent to unknown or unrelated third-party endpoints.
The system flags this tool as executes-code, indicating it executes code or spawns processes locally. Combined with its 'create repos from local folders and push' capability, it likely uses local Git or related system capabilities as part of normal operation. This alone does not justify a high-risk rating, but the runtime environment should be constrained.
The description explicitly says it can create repositories from local folders and push them, which means it at least needs read access to user-selected local directories. It also involves reading and writing GitHub resources such as repositories, PRs, issues, Actions, and secrets. The material does not show requests for local system permissions beyond the stated functionality, but users should avoid selecting sensitive directories or mismanaging sensitive repository resources.
Positive factors include being open source, auditable, and MIT-licensed. However, it comes from a third-party registry, has 0 stars, unknown maintenance status, and no README, which weakens transparency and maturity signals. There is no evidence of closed-source behavior or obvious malicious intent, so caution is more appropriate than a high-risk rating.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "github-mcp-server" yet — see the docs or source repo.
Please turn my local folder 'my-app' into a new GitHub repository named 'my-app', make it public, initialize a README, and push the current code.
Returns the repository creation and code push result, including the repo URL and execution status.
List all issues opened in the last two weeks and all pending review PRs in the repository, then organize them by priority with owners and recommended next steps.
Outputs a structured issue and PR summary for quick team follow-up.
Review this GitHub repository's Actions workflows, secrets, and security settings, identify potential risks, and suggest improvements.
Generates a security review report with risks, current configurations, and improvement suggestions.
Manage GitHub repositories, files, and user profiles through MCP actions.
Manage end-to-end GitHub workflows safely through verified git and gh steps.
Manage GitHub repositories, labels, topics, and files through API automation.
Manage GitHub repos, issues, PRs, code search, and CI status in one place.
Access GitHub profiles, repository data, and search results through read-only AI tools.
Create GitHub repositories quickly through MCP to start projects and collaboration.