GitHub MCP Server Review: The Complete Guide to AI-Powered Repository Management
AI Infrastructure Lead

Key Takeaways
- GitHub MCP Server is the official, first-party MCP server from GitHub with 51 tools covering repos, issues, PRs, Actions, and security
- The remote server at api.githubcopilot.com/mcp/ requires zero Docker, zero config -- just OAuth sign-in
- Works with 9+ IDEs including VS Code, Cursor, Windsurf, Claude Desktop, and JetBrains
- Completely free and open source (MIT license) -- no paid tiers, no premium features
- 28,300+ GitHub stars make it the most popular MCP server in the ecosystem
- Security concerns exist around prompt injection via issues -- mitigated by Lockdown mode and content sanitization
- Rate limits (5,000 req/hour) can be hit fast during heavy agent usage -- plan accordingly
What Is the GitHub MCP Server?
The GitHub MCP Server is the official Model Context Protocol server built and maintained by GitHub. It gives AI coding assistants -- Claude, Cursor, Copilot, Windsurf, and others -- direct, structured access to the entire GitHub platform. Repos, issues, pull requests, Actions workflows, code scanning, notifications. All through natural language.
We have been running it daily since October 2025. It has fundamentally changed how we interact with repositories. Instead of switching between the browser, CLI, and editor, we just tell our AI assistant what we need and it handles the GitHub API calls behind the scenes.
GitHub originally released this as a TypeScript-based npm package (@modelcontextprotocol/server-github) in early 2025. That version is now deprecated. The current server is a complete rewrite in Go, built in collaboration with Anthropic, and first shipped as a public preview on April 4, 2025. As of March 2026, it is at version v0.32.0 with 28,300+ stars on GitHub.
The key thing that separates this from community MCP servers: it is a first-party GitHub product. That means direct API access, OAuth integration, enterprise support, and a team of GitHub engineers maintaining it full time. This is not some weekend project that might go stale in six months.
Key Features
With 51 tools across 10 toolsets, the GitHub MCP Server covers almost everything you would do on GitHub. Here are the capabilities we actually use every day.
Repository Management
Create repos, read files, push commits, manage branches, search code across your entire org. The push_files tool lets you commit multiple files in a single operation -- no staging required.
Pull Request Workflows
Create PRs, review diffs, add line-by-line comments, submit reviews, and merge -- all from your AI chat. We use this for automated code reviews that catch issues before human reviewers even look.
Issue Management
Create, update, search, and comment on issues. The real power is bulk operations: "Show me all critical bugs from this week and add a triage label to each one." Done in seconds.
CI/CD and Actions
Monitor workflow runs, debug failed builds, re-run jobs. Ask "Why did the deploy fail?" and get a plain-English summary of the error logs with a suggested fix. This alone saves us 20 minutes per failed build.
Code Security Scanning
List code scanning alerts, review Dependabot findings, check for leaked secrets. The security toolset turns vulnerability management from a manual chore into a conversational workflow.
Copilot Integration
Assign Copilot to work on issues and request Copilot code reviews for PRs. Since v0.32.0, these tools are enabled by default. It is GitHub's AI working with your AI -- surprisingly effective for initial triage.
Dynamic Toolset Discovery
MCP hosts can discover and enable toolsets at runtime based on what the user is asking about. This keeps the tool count manageable and prevents context window bloat -- a real problem with 51 tools.
Read-Only and Lockdown Modes
Read-only mode disables all write operations -- perfect for auditing and exploration. Lockdown mode filters out content from untrusted contributors in public repos. Essential for enterprise security.
How to Set Up the GitHub MCP Server
There are three ways to run the server. We recommend the remote server for most developers -- it takes less than a minute and requires zero local setup.
Remote Server (Recommended -- No Docker Required)
The fastest path. GitHub hosts the MCP server at https://api.githubcopilot.com/mcp/ and handles authentication via OAuth. No tokens to create, no Docker to install.
VS Code (v1.101+): Create or edit .vscode/mcp.json in your project root:
{
  "servers": {
    "github": {
      "type": "http",
      "url": "https://api.githubcopilot.com/mcp/"
    }
  }
}
That is it. VS Code prompts you to sign in with GitHub OAuth automatically. No PAT needed.
Cursor (v0.48+): Edit ~/.cursor/mcp.json:
{
  "mcpServers": {
    "github": {
      "url": "https://api.githubcopilot.com/mcp/",
      "headers": {
        "Authorization": "Bearer YOUR_GITHUB_PAT"
      }
    }
  }
}
Cursor requires a Personal Access Token in the header. Create one at github.com/settings/tokens with repo scope.
Docker (Local Server)
Use this if you need full toolset control, work behind a corporate firewall, or want to run the server offline.
Claude Desktop: Edit your claude_desktop_config.json:
{
  "mcpServers": {
    "github": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "YOUR_GITHUB_PAT"
      }
    }
  }
}
Claude Code CLI: One-liner to add it globally:
claude mcp add github --scope user \
  -e GITHUB_PERSONAL_ACCESS_TOKEN=YOUR_PAT \
  -- docker run -i --rm \
  -e GITHUB_PERSONAL_ACCESS_TOKEN \
  ghcr.io/github/github-mcp-server
Configure Toolsets (Optional)
By default, the server enables repos, issues, pull_requests, and copilot toolsets. If you want Actions or security scanning, enable them explicitly.
# Enable specific toolsets via environment variable
GITHUB_TOOLSETS=repos,issues,pull_requests,actions,code_security
# Or enable everything
GITHUB_TOOLSETS=all
# Read-only mode (disables all write operations)
GITHUB_READ_ONLY=1
We recommend starting with the defaults and only adding toolsets when you need them. Loading all 51 tools can overwhelm some AI models -- Cursor, for example, only passes the first 40 tools to its agent.
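An added example (not code from GitHub or from the server's repository): a small Python audit for the client config files shown above. It flags a literal token stored in the file, GITHUB_TOOLSETS=all, and toolset or read-only settings that sit in "env" but are never forwarded to the container with -e, in which case Docker does not pass them. The finding names and the sample config are constructed, and treating only GITHUB_READ_ONLY=1 as read-only is an assumption based on the form shown above.

```python
import json
import re

# GitHub token prefixes: classic PAT (ghp_) and fine-grained PAT (github_pat_).
TOKEN_RE = re.compile(r"(ghp_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})")

def forwarded_env(args):
    """Names passed to the container with `docker run -e NAME[=value]`."""
    return {args[i + 1].split("=", 1)[0]
            for i, a in enumerate(args[:-1]) if a in ("-e", "--env")}

def audit_mcp_config(text):
    """Return sorted (server, finding) pairs for one MCP client config file."""
    cfg = json.loads(text)
    servers = cfg.get("mcpServers") or cfg.get("servers") or {}
    findings = set()
    for name, spec in servers.items():
        env = spec.get("env", {})
        args = [str(a) for a in spec.get("args", [])]
        values = list(env.values()) + list(spec.get("headers", {}).values()) + args
        if any(TOKEN_RE.search(str(v)) for v in values):
            findings.add((name, "token-stored-in-config"))
        if not any("github-mcp-server" in a for a in args):
            continue  # remote entry: no local container to configure
        passed = forwarded_env(args)
        for var in ("GITHUB_TOOLSETS", "GITHUB_READ_ONLY"):
            if var in env and var not in passed:
                findings.add((name, f"{var}-not-forwarded"))
        # Only variables forwarded with -e actually reach the server process.
        effective = {k: v for k, v in env.items() if k in passed}
        toolsets = [t.strip() for t in effective.get("GITHUB_TOOLSETS", "").split(",")]
        if "all" in toolsets:
            findings.add((name, "all-toolsets-enabled"))
        if effective.get("GITHUB_READ_ONLY") != "1":  # assumption: "1" as on this page
            findings.add((name, "writes-enabled"))
    return sorted(findings)

# Constructed sample: the token is fake and assembled at runtime.
SAMPLE = json.dumps({"mcpServers": {"github": {
    "command": "docker",
    "args": ["run", "-i", "--rm", "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
             "-e", "GITHUB_TOOLSETS", "ghcr.io/github/github-mcp-server"],
    "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_" + "A" * 36,
            "GITHUB_TOOLSETS": "all", "GITHUB_READ_ONLY": "1"}}}})

if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE):
        print(f"{server}: {finding}")
```

In the sample, GITHUB_READ_ONLY is set in "env" but has no matching -e argument, so the container still starts with write tools enabled; the audit reports both facts.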
Pricing and Rate Limits
This is the part we like best. The GitHub MCP Server is completely free. No freemium tricks, no premium tiers, no enterprise upsells on the server itself. The only costs are whatever you already pay for GitHub and your AI assistant.
Free (All Users): $0 forever
- MIT open source license
- 51 tools across 10 toolsets
- 5,000 API requests/hour
- Remote server with OAuth
- Docker and source builds
- All IDE integrations
GitHub Pro: $4/month
- Everything in Free
- 5,000 API requests/hour
- Advanced code security
- Protected branches
- Draft PRs
- Same MCP access
Enterprise Cloud: $21/user/month
- Everything in Pro
- 15,000 API requests/hour/repo
- Custom MCP endpoint
- Lockdown mode
- SAML/SSO
- Audit log streaming
The rate limit is the real constraint. At 5,000 requests per hour, you might think that is plenty. It is not. During a heavy AI agent session -- say, reviewing a large PR, searching code, and managing issues -- we have seen 2,000+ requests consumed in under 15 minutes. GitHub issue #933 documents users hitting the cap regularly.
Our advice: use conditional requests, avoid polling, and scope your toolsets to only what you need. Enterprise Cloud's 15,000/hour limit is the real answer for teams using this at scale.
Pros and Cons
Pros
- Official first-party product -- maintained by GitHub engineers, not a community side project
- Zero-config remote server -- OAuth sign-in, no Docker, no tokens for VS Code users
- 51 tools covering the full API surface -- repos, PRs, issues, Actions, security, notifications
- Completely free -- MIT license, no paid tiers, works on free GitHub accounts
- Enterprise-grade security -- Lockdown mode, content sanitization, scope filtering
- Works with every major IDE -- VS Code, Cursor, Windsurf, Claude Desktop, JetBrains, and more
- Active development -- monthly releases, responsive to community issues
Cons
- Rate limits hit fast -- 5,000 req/hour sounds generous until your AI agent burns through 2,000 in 15 minutes
- Prompt injection risk -- malicious GitHub issues can hijack AI agents (mitigated but not eliminated)
- Tool overload -- 51 tools can confuse AI models; Cursor drops tools beyond the first 40
- No OAuth in Windsurf -- PAT-only authentication limits the zero-config experience
- Docker image pull issues -- occasional ghcr.io auth failures require manual token cleanup
- Remote server has limited toolset config -- less flexibility than the local Docker server
- GitHub-only -- no GitLab, Bitbucket, or Azure DevOps support
Alternatives Comparison
We tested the top alternatives head to head. Here is how they stack up.
Our take: If you only use GitHub, the official server is the clear winner. It has the deepest integration, best security features, and most active development. GitKraken MCP is the better choice if your team uses multiple platforms like GitLab or Bitbucket alongside GitHub. GitMCP is fine for read-only documentation use cases but cannot replace either for real workflow automation.
Frequently Asked Questions
What is the GitHub MCP Server?
The GitHub MCP Server is an official, first-party server built by GitHub that implements the Model Context Protocol standard. It gives AI coding assistants like Claude, Cursor, and Copilot direct access to GitHub repositories, issues, pull requests, Actions workflows, and code security features through natural language conversation.
Is the GitHub MCP Server free?
Yes, completely. The server is open source under the MIT license. The GitHub API is also free within rate limits (5,000 requests/hour with a PAT). The remote server at api.githubcopilot.com is free for all GitHub users regardless of plan. There are no paid tiers or premium features.
How do I set up the GitHub MCP Server in VS Code?
Create a .vscode/mcp.json file with the server type set to "http" and the URL set to "https://api.githubcopilot.com/mcp/". VS Code handles OAuth authentication automatically. No Docker, no PAT, no manual configuration required.
Is the GitHub MCP Server safe to use?
Mostly yes, with caveats. A prompt injection vulnerability was found in May 2025 where malicious issue content could hijack AI agents. GitHub has since added Lockdown mode, content sanitization, and scope filtering. Best practice: use fine-grained PATs scoped to specific repos and enable Lockdown mode for public repo work.
How many tools does the server have?
The remote server exposes 51 tools across 10 toolsets: repos, issues, pull_requests, actions, code_security, copilot, secret_protection, notifications, stargazers, and experiments. You can enable or disable toolsets individually to keep the tool count manageable for your AI model.
What is the difference between the remote and local server?
The remote server at api.githubcopilot.com requires no local setup and supports OAuth. The Docker-based local server gives more toolset control via environment variables and works behind firewalls. Both provide the same core 51 tools.
Can I use it with Claude Desktop?
Yes. Claude Desktop uses the Docker-based local server. Add the configuration to your claude_desktop_config.json file with your GitHub PAT and the Docker image ghcr.io/github/github-mcp-server. Pull the image first with docker pull ghcr.io/github/github-mcp-server.
What are the rate limits?
With a PAT, 5,000 requests per hour. Enterprise Cloud gets 15,000/hour per repo. Heavy AI agent usage can burn through these fast -- we have seen 2,000+ requests in 15 minutes during code review sessions. Use conditional requests and limit toolsets to conserve your budget.
Final Verdict
The GitHub MCP Server is the best MCP server we have tested in 2026. That is not hyperbole -- it is the most complete, most actively maintained, and most widely supported MCP integration available today.
We have been running it with Claude Code and Cursor across five active repositories for the past five months. It has eliminated our need to context-switch between the browser and editor for 90% of GitHub operations. PR reviews, issue triage, CI debugging, code search -- all handled through natural language without leaving the IDE.
The remote server with OAuth is genuinely impressive. Three lines of JSON and you have full GitHub access in VS Code. No Docker, no tokens, no configuration files to manage. GitHub made the right call shipping this as a hosted service alongside the self-hosted option.
The security story is solid but not perfect. The prompt injection vulnerability from May 2025 was a serious architectural issue, and while Lockdown mode and content sanitization have addressed the most dangerous attack vectors, the fundamental problem -- broad PATs giving AI agents access to repos they should not touch -- is still something you need to manage yourself with fine-grained tokens.
Rate limits are the other real pain point. 5,000 requests per hour sounds like a lot until your AI agent decides to fetch every file in a monorepo. You will learn to be specific with your prompts, and that is actually a good habit to build.
Bottom line: If you write code and use GitHub, install this today. It is free, it takes 60 seconds to set up, and it will change how you interact with your repositories. We give it a 4.5 out of 5 -- docking half a point for the rate limit constraints and the still-evolving security model.
Our Rating: 4.5 / 5
Updated March 2026 · 12 min read · By PopularAiTools.ai