ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub MCP Server

GitHub MCP Server enables AI agents to manage repos, read/update files, handle issues/PRs, branches, and automate GitHub workflows via the API.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.6k · 17 current installs · 19 all-time installs
bySiddharth Menon@BuddhaSource
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name and description match the SKILL.md instructions (GitHub repo and issue/PR management). However, the registry metadata declares no primary credential or required env vars while the SKILL.md explicitly instructs the user to provide a GITHUB_PERSONAL_ACCESS_TOKEN (and recommends scopes such as repo/read:org). That omission is an inconsistency: a GitHub integration legitimately needs credentials, so the metadata should declare them.
Instruction Scope
The runtime instructions themselves stay within the stated purpose: cloning repos, reading/updating files, creating issues/PRs, branch operations, and examples of workflows. The instructions do not ask agents to read unrelated system files or other credentials. They do, however, show example commands (npm install -g, git clone, npx) and configuration that will cause the agent to run external commands if followed.
Install Mechanism
This is an instruction-only skill (no install spec in registry), but the SKILL.md recommends installing @modelcontextprotocol/server-github via npm or building from a GitHub repo. Those sources are standard (GitHub/npm), not obviously malicious, but the registry's lack of an install spec means there's no pinned, auditable package/version; the use of 'npx -y' (runs remote code immediately) and unpinned installs increases risk unless the package and source are verified.
!
Credentials
The skill requires a GitHub token to operate, and the SKILL.md recommends broad scopes (e.g., repo full access). Yet requires.env in metadata is empty and primary credential is unset. Asking for full repo permissions is proportionate to many operations but should be explicit and minimized (fine-grained token limited to specific repos and scopes). The metadata omission prevents automated validation and is a meaningful gap.
Persistence & Privilege
The skill does not request always:true and has no declared config paths; that's appropriate. However, the platform default allows autonomous invocation. Combined with a GitHub token that grants write/merge/release rights, an autonomously-invoking agent could make destructive or sensitive changes. Consider adjusting invocation policies or token privileges accordingly.
What to consider before installing
This skill appears to do what it says (manage GitHub repos) but the registry metadata is incomplete: SKILL.md shows you must supply a GITHUB_PERSONAL_ACCESS_TOKEN (often with wide 'repo' scopes), yet the skill declares no required credentials. Before installing or using it: - Require the publisher to update metadata to list required env vars (e.g., GITHUB_PERSONAL_ACCESS_TOKEN) and to pin an install source/version. - Prefer a fine-grained GitHub token scoped only to the specific repos and permissions needed (Contents Read/Write, Issues/PRs only where necessary), and set an expiration. Avoid granting org-wide or full 'repo' scope when not needed. - Avoid running unpinned npx installs (-y) or global npm installs without auditing the package; prefer installing a specific, vetted release and review its source code. - Treat the token as sensitive: store it in a secrets manager or environment not accessible to other skills/agents. - If you do not want the agent to act autonomously, restrict the skill's invocation (disable autonomous invocation or require manual approval for actions that write/merge/create releases). What would change this assessment: metadata that declares the exact required env var(s), a pinned/official install source (GitHub release or verified npm package with version), and explicit recommendations for least-privilege token scopes would raise confidence toward 'benign'. Conversely, discovery of untrusted third-party install instructions, requests for unrelated credentials, or commands that read unrelated system files would lower confidence further.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972hf06g7mmy00dmyp0fykwed814f90

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

GitHub MCP Server

Complete GitHub Integration for AI Agents

Connect AI agents to GitHub for repository management, code operations, issue tracking, pull requests, and the full GitHub API.

Why GitHub MCP?

🤖 Agent-Native GitHub Workflows

Enable agents to perform complex GitHub operations that previously required manual API integration:

  • Clone and navigate repositories
  • Read and modify files
  • Create issues and pull requests
  • Review code and discussions
  • Manage branches and releases

🔐 Secure Authentication

OAuth-based authentication with fine-grained permissions. Agents access only what you authorize.

📦 Zero Setup for Common Operations

Pre-configured tools for the most common GitHub workflows. No manual API calls required.

Installation

Option 1: Official MCP Server (Archived - Community Maintained)

# Community-maintained GitHub MCP server
npm install -g @modelcontextprotocol/server-github

# Or build from source
git clone https://github.com/modelcontextprotocol/servers-archived
cd servers-archived/src/github
npm install
npm run build

Option 2: Third-Party Implementations

Several community implementations available. Check the MCP Registry for current options.

Configuration

Add to your MCP client config:

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

Get GitHub Token

  1. Go to https://github.com/settings/tokens
  2. Generate new token (classic) or fine-grained token
  3. Select scopes:
    • repo - Full repository access
    • read:user - Read user profile
    • read:org - Read organization data (if needed)

Fine-Grained Token (recommended):

  • Repository permissions: Contents (Read/Write), Issues (Read/Write), Pull Requests (Read/Write)
  • Organization permissions: Members (Read) if accessing org repos

Available Tools

Repository Operations

1. Create Repository

Agent: "Create a new repository called 'my-project'"

2. Clone Repository

Agent: "Clone the OpenAI GPT-4 repository"

3. List Repository Files

Agent: "What files are in the src/ directory?"

File Operations

4. Read File

Agent: "Show me the README.md file"
Agent: "Read the contents of src/index.ts"

5. Create/Update File

Agent: "Create a new file docs/API.md with API documentation"
Agent: "Update the version in package.json to 2.0.0"

6. Search Code

Agent: "Search for files containing 'authentication logic'"
Agent: "Find where the DatabaseConnection class is defined"

Issue & PR Management

7. Create Issue

Agent: "Create an issue: 'Add dark mode support'"

8. List Issues

Agent: "Show me all open bugs"
Agent: "What issues are assigned to me?"

9. Create Pull Request

Agent: "Create a PR to merge feature/login into main"

10. Review Pull Request

Agent: "Review PR #42 and check for security issues"

Branch Operations

11. Create Branch

Agent: "Create a new branch called 'feature/user-auth'"

12. List Branches

Agent: "Show all branches in this repo"

13. Merge Branch

Agent: "Merge 'develop' into 'main'"

Advanced Operations

14. Create Release

Agent: "Create a release v2.0.0 with the latest changes"

15. Search Repositories

Agent: "Find popular React component libraries"

16. Fork Repository

Agent: "Fork the Vue.js repository to my account"

Agent Workflow Examples

Code Review Automation

Human: "Review all PRs and flag security issues"

Agent:
1. list_pull_requests(state="open")
2. For each PR:
   - get_pull_request(pr_number)
   - read_changed_files()
   - analyze for security vulnerabilities
   - create_review_comment(security_findings)

Issue Triage

Human: "Label all new issues with 'needs-triage'"

Agent:
1. list_issues(state="open", labels=null)
2. For each unlabeled issue:
   - read_issue(issue_number)
   - add_label("needs-triage")

Release Automation

Human: "Prepare v2.0.0 release"

Agent:
1. create_branch("release/v2.0.0")
2. update_file("package.json", version="2.0.0")
3. update_file("CHANGELOG.md", new_release_notes)
4. create_pull_request("release/v2.0.0" -> "main")
5. create_release(tag="v2.0.0", notes=changelog)

Documentation Sync

Human: "Update documentation from code comments"

Agent:
1. search_code(query="* @description")
2. extract_docstrings()
3. generate_markdown_docs()
4. update_file("docs/API.md", generated_docs)
5. create_pull_request("Update API documentation")

Use Cases

🛠️ Development Assistants

Agents that help developers with repetitive GitHub tasks: creating issues, managing labels, updating documentation, code review.

🤖 CI/CD Automation

Build agents that trigger workflows, check build status, create releases, manage deployments.

📊 Repository Analytics

Analyze code quality, track issue resolution time, monitor PR velocity, generate reports.

🔍 Code Search & Discovery

Find code patterns, identify dependencies, discover similar implementations, locate technical debt.

📝 Documentation Automation

Sync code comments to docs, generate API references, update changelogs, maintain README files.

Security Best Practices

✅ Use Fine-Grained Tokens

Prefer fine-grained tokens over classic PATs. Limit scope to specific repositories and permissions.

✅ Read-Only When Possible

If the agent only needs to read code/issues, grant read-only access.

✅ Environment Variables

Never hard-code tokens. Always use environment variables.

✅ Token Rotation

Rotate tokens regularly. Set expiration dates.

✅ Audit Agent Actions

Monitor what the agent does. GitHub activity log tracks all API operations.

Rate Limits

Authenticated Requests:

  • 5,000 requests/hour (per user)
  • Search API: 30 requests/minute

Best Practices:

  • Cache repository data when possible
  • Batch operations where applicable
  • Use conditional requests (If-None-Match headers)

vs Manual GitHub API Integration

TaskManual APIGitHub MCP
Setup TimeHours (auth, SDK, error handling)Minutes (config file)
Code RequiredYes (HTTP client, auth, parsing)No (MCP tools auto-discovered)
Agent IntegrationManual tool definitionsAutomatic via MCP
Auth ManagementCustom implementationBuilt-in OAuth flow
Error HandlingCustom retry logicHandled by server

Troubleshooting

"Bad credentials" Error

  • Verify token has not expired
  • Ensure token has required scopes (repo, read:user)
  • Check token is correctly set in environment variable

"Resource not found" Error

  • Verify repository name format: owner/repo
  • Check agent has access to private repositories (if applicable)
  • Ensure branch/file path exists

Rate Limit Errors

  • Wait for rate limit reset (check X-RateLimit-Reset header)
  • Reduce query frequency
  • Consider GitHub Apps for higher limits

Resources

Advanced Configuration

{
  "mcpServers": {
    "github": {
      "command": "node",
      "args": ["/path/to/github-mcp/build/index.js"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx",
        "GITHUB_API_URL": "https://api.github.com",
        "DEFAULT_BRANCH": "main",
        "AUTO_PAGINATION": "true"
      }
    }
  }
}

The GitHub integration every coding agent needs: From code review to release automation, GitHub MCP brings the full power of GitHub to AI agents.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…