The official GitHub MCP server gives Claude Code protocol-level access to your repositories. Instead of switching to a browser to check an issue or copying a PR diff into a prompt, Claude can query your repository directly through the MCP tool layer. We looked at the MCPFind devtools category, which indexes 3,463 servers averaging 31.23 stars each, and the GitHub MCP server stands out as the reference integration for developer workflow automation. This guide covers configuration, tool capabilities, permission scoping, and how it compares to the gh CLI approach most Claude Code users already use.
What Tools Does the Official GitHub MCP Server Expose?
The GitHub MCP server exposes a set of tools organized around the core GitHub object model. Issue tools let Claude read, create, comment on, and close issues. Pull request tools cover listing open PRs, reading diff content, leaving review comments, and merging when checks pass. Code search tools allow querying files by content or path within a specific repository.
Repository tools handle basic metadata: reading branch lists, getting file contents at a specific ref, and checking workflow run status. The server does not expose GitHub Actions workflow definitions as editable resources, but it can read the most recent run outcomes and logs.
All tools map to underlying GitHub REST API calls. When Claude calls list_issues, the server issues a GET /repos/{owner}/{repo}/issues request and returns the structured results. This means the quality of Claude's output depends on the same data you would see through the GitHub API, with no transformation or summarization on the server side. What you get is accurate, current repository state.
How Do You Configure the GitHub MCP Server in Claude Code?
Add the GitHub MCP server to Claude Code using the claude mcp add command or by editing the config file directly. The server is available as an npm package.
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_yourtoken"
}
}
}
}Generate a fine-grained personal access token in GitHub under Settings > Developer settings. For read-heavy workflows, grant Issues: Read, Pull requests: Read, and Contents: Read. Add Write permissions only for the specific operations you want Claude to perform. Fine-grained tokens scoped to a single repository are safer than classic tokens with broad repo scope.
After configuration, restart Claude Code and type /mcp to confirm the GitHub server appears in the active server list. A quick test: ask Claude to list the last five open issues in a repository you own. If it returns real issue titles, the connection is working.
How Does GitHub MCP Differ From Using the gh CLI in Claude?
Claude Code already has access to the gh CLI in most setups. The difference is where processing happens. When Claude uses gh, it runs a shell command and receives text output it must parse. When Claude uses the GitHub MCP server, it calls typed tools and receives structured JSON that maps directly to the object model.
In practice, this matters for chained operations. Asking Claude to "find the issue that caused this bug and link the PR" is harder via the CLI because Claude must parse multiple text outputs and manually correlate them. With MCP, Claude makes API calls that return typed objects with consistent field names, making multi-step workflows more reliable.
The gh CLI has an advantage for operations the MCP server does not currently support, such as running workflow dispatches, managing releases, or performing bulk repository operations. We recommend using both: MCP for interactive query-heavy workflows and the gh CLI for scripted operations.
What GitHub Data Can the MCP Server Read Without Extra Permissions?
With a token that has only public repository read access, the GitHub MCP server can see all public repository content, issues, PRs, and commits for any public GitHub repository. This is useful for researching a dependency's changelog, reading an open-source project's issue history, or checking the test results of a referenced library.
For private repositories, the token needs explicit repository access. Organization repositories may require the owner to authorize the token in the organization's settings, especially when SSO is enforced. If Claude returns an authentication error on an organization repository, check whether the token has been authorized for that organization under the token's settings page on GitHub.
The MCPFind devtools category indexes 3,463 servers, and the GitHub MCP server is among the most practically useful for teams working in an AI-native development environment. For broader context on MCP protocol design, see what is MCP.
How Do You Scope GitHub MCP Permissions for Production Safety?
Broad token permissions create risk. If a prompt injection attack tricks Claude into calling a destructive tool, wide permissions amplify the damage. The GitHub MCP server supports granular scoping, and using it correctly limits the blast radius.
Start with read-only permissions for all scopes. Add write permissions only after you have used the server for a few days and understand which operations Claude actually needs. For most code review and issue tracking workflows, read-only access covers 90% of use cases.
Fine-grained tokens with repository-level scope are safer than classic tokens. A fine-grained token scoped to a single repository cannot touch any other repository, even if the token is leaked. Classic tokens with repo scope access every private repository your account can access.
For team environments, consider GitHub Apps over personal access tokens. A GitHub App installation can be scoped to specific repositories in an organization and uses short-lived credentials that rotate automatically. This eliminates the human error of forgetting to rotate a long-lived token.
Review your active MCP servers periodically. Unused servers with write permissions represent unnecessary risk. If you add the GitHub MCP server for a one-time workflow, remove it from your config when you are done, the same way you would revoke an API key after a project ends. The MCPFind devtools category lists 3,463 servers; knowing which ones are active in your environment is basic hygiene.
Pair the GitHub MCP server with the Figma MCP server for a complete design-to-ship pipeline, and check out Best MCP Servers for DevOps and CI/CD for the full stack of tools used in AI-native engineering teams.
Gus Marquez