> mcp integration

GitHub MCP Server: What It Does & How to Use It with Claude

What the GitHub MCP server can do — read repos, manage issues and PRs, inspect Actions, surface security alerts — and how to connect it to Claude.

By Rhode Labs · Updated 2026-06-03

The GitHub MCP server lets an AI assistant work directly inside your repositories: reading code, searching files, filing and triaging issues, reviewing pull requests, and inspecting GitHub Actions runs through natural language. GitHub maintains it officially, and it connects to any MCP client, including Claude Cowork, Claude Code, and Claude Desktop.

What can the GitHub MCP server do?

Capabilities are grouped into toolsets you can enable or disable. These are the ones GitHub ships in the official server.

ToolsetWhat it enables
contextUser profile and operating environment, recommended so the assistant knows who and where it is
reposBrowse and search code, read files, list commits, and manage branches and releases without a local clone
issuesCreate, update, comment on, and triage issues
pull_requestsOpen, review, comment on, and merge pull requests
actionsInspect GitHub Actions workflows, fetch run logs, and re-run failed jobs
code_securitySurface code scanning alerts and security findings
dependabotRead dependency vulnerability alerts
secret_protectionReview secret-scanning results
discussions / labels / projects / orgs / notifications / gists / usersManage discussions, labels, project boards, org data, notifications, gists, and user lookups

Default toolsets (when none are specified) are context, repos, issues, pull_requests, and users. There are roughly twenty toolsets in total. Enable only what a given task needs.

Which server is official, and do you need a community fork?

  • Official (github/github-mcp-server): built and maintained by GitHub, open source under MIT. It is the right default. It ships as a hosted remote server and as a local Docker image or Go binary, with content sanitization against prompt injection enabled by default.
  • Community servers: older third-party GitHub MCP servers exist from before the official one shipped. They predate GitHub’s release and are now largely redundant. Stick with the official server unless you have a specific reason not to.

How do you connect it to Claude (Cowork / Code / Desktop)?

The fastest path is the remote server, with no install required.

  1. Use the remote URL. Point your MCP client at https://api.githubcopilot.com/mcp/ (type: http).
  2. Authenticate. On hosts that support it, sign-in opens in a browser. Otherwise pass a GitHub personal access token in the Authorization header. In Claude Cowork, add it as a connector; in Claude Code, claude mcp add the HTTP endpoint; in Claude Desktop, add it under MCP servers in settings.
  3. Scope it down. Enable only the toolsets you need with the X-MCP-Toolsets header (e.g. repos,issues,pull_requests) and start read-only with X-MCP-Readonly.

Prefer to self-host? Run the Docker image (ghcr.io/github/github-mcp-server) with a GITHUB_PERSONAL_ACCESS_TOKEN and the same --read-only / --toolsets flags.

How we use it: Good for repo-aware Q&A (“where is auth handled in this service?”), drafting issue triage, and reading Actions logs to explain a failing build. Bad for autonomous merging across many repos, so keep a human in the loop on writes. One real gotcha: loading every default toolset floods the context window, so we explicitly pass X-MCP-Toolsets and trim to the three to ten tools a task actually needs.

How do you keep it secure?

Token scopes decide everything. Start with a read-only token (or X-MCP-Readonly) and the minimum scopes (repo, read:org, read:user), then add write or security_events only when a workflow truly needs it. For public-repo exposure, lockdown mode surfaces content only from users with push access, and content sanitization against prompt injection is on by default.

Wiring GitHub into your stack

A GitHub-connected assistant is most useful when it sits next to the rest of your data: your database, your task tracker, your docs. We help teams wire MCP servers like this into Claude with sane scopes, read-only defaults, and a clear audit trail. If you want a hand getting it production-ready, Book a discovery call.

Sources: official repo · remote server docs · GitHub Docs: set up the MCP server · GitHub Blog: practical guide

Frequently asked questions

Does the GitHub MCP server work with Claude?
Yes. It works with any MCP client, including Claude Cowork, Claude Code, and Claude Desktop. GitHub hosts a remote server at https://api.githubcopilot.com/mcp/ that you can add without running anything locally.
Is there an official GitHub MCP server?
Yes. GitHub publishes and maintains an official open-source server at github/github-mcp-server. It is the right default — there is rarely a reason to reach for a community fork.
Is the GitHub MCP server free?
The server itself is free and open source (MIT-licensed). You authenticate with a GitHub account or personal access token, so your usage is governed by your existing GitHub plan and API rate limits rather than a separate charge.
Can the GitHub MCP server merge pull requests and push code?
Yes, if you grant write scopes. The token's permissions decide what it can do. You can also run the server in read-only mode (X-MCP-Readonly) so the assistant can browse code, issues, and PRs without making any changes.

Start Here

Ready to modernize?

Tell us where your team is stuck. We'll map the path from manual to automated, and show you what's possible in the first two weeks.

Book a Discovery Call