GitHub MCP Server
GitHub's official MCP server — lets an agent read repos, file issues, and push code with your credentials, which is exactly as useful and as dangerous as it sounds.
What it actually does
This is the official bridge between an MCP client and the GitHub API, maintained by GitHub itself. Point an agent at it and the agent can list repositories, read code and issues, open pull requests, comment, and trigger workflows — whatever the token you hand it allows. It runs two ways: a hosted remote server you authorize with OAuth, or a local Docker container you feed a personal access token. The hosted option means no local setup; the local option means you can read every line before trusting it. Scope the token narrowly. An agent with a broad PAT is a junior engineer with your keys and no performance review.
Install
Read the source before you run this. Yes, actually.
From the desk
The Sunnyvale take
The rare MCP server with a real engineering organization behind it. It does what it says, the docs are honest about scopes, and when it breaks someone is paid to notice. The main risk isn't the server — it's how generous you get with the token.
Why it matters
Most agent workflows eventually touch a repo. This is the sanctioned way to do it, and it sets the bar the unofficial servers get measured against.
In practice
Wire it into Claude Code with a PAT scoped to one repo and let the agent do first-pass issue triage — summarize, label, flag duplicates — while a human still clicks merge.
The skeptic's note
Official doesn't mean safe by default. The permission model is your token, not the server, and GitHub's own docs quietly assume you read them.
Use cases
- Agent triages incoming issues and drafts responses
- Automated PR review and labeling
- Codebase Q&A across an org's repositories
Risks & caveats
Acts with the full permissions of the token you give it. A fine-grained PAT scoped to specific repos limits the blast radius; a classic token with repo scope does not. Prompt-injected issue or PR text can steer an agent that reads it.
Related tools
Full indexSame shelf, different trade-offs.
Filesystem MCP Server
The reference server that gives an agent read/write access to your disk, fenced to directories you name. Simple, official, and the single sharpest tool in the drawer.
Playwright MCP
Microsoft's browser-automation server — agents drive a real browser through the accessibility tree instead of squinting at screenshots. Fast, deterministic, and a genuinely good idea.
Git MCP Server
The reference server for local git — status, diff, log, commit, and branch operations on repositories you point it at. Your history becomes agent-writable, which is most of the point and all of the risk.