GitHub Read MCP Server
Read-only MCP server for the GitHub REST API that enables agents to query repositories, issues, files, and users without any write access.
README
github-read — read-only GitHub MCP server
A production-grade, read-only MCP server for the GitHub REST API. Wire it into Claude Desktop / Claude Code / Cursor and the agent can answer questions about repositories, issues, files, and users — without any write access.
Scaffolded by mcp-factory; the value is the production layer on top: auth-scoping, fail-soft, version-pinning, tests, docs.
Tools
| Tool | What it does |
|---|---|
get_repo |
Repo metadata: stars, language, open issues, default branch, license, last push |
list_issues |
Open/closed/all issues (PRs filtered out), newest-update first |
get_file_contents |
Read a UTF-8 text file at a path (truncates past ~100 KB) |
search_repositories |
Search public repos by keyword/qualifiers |
get_user |
Public profile for a user or org |
Install
cd github-read-mcp
python -m venv .venv
.venv/Scripts/python.exe -m pip install -r requirements.txt # Windows
# source .venv/bin/activate && pip install -r requirements.txt # macOS/Linux
Dependencies are version-pinned (requirements.txt); a fresh install
reproduces the tested build.
Authentication & scoping (read this)
The token is optional:
- No token → the server runs on GitHub's unauthenticated 60 req/hr tier. It works, but rate-limits quickly. It prints a one-line warning to stderr.
- With a token → 5000 req/hr. Use a fine-grained personal access
token scoped to read-only:
- Repository access: only the repos the agent should see (or "public repos").
- Permissions: Contents: Read-only and Metadata: Read-only. Nothing else.
This server only ever issues HTTP GETs — there is no tool that can write, delete, or mutate anything. Even if handed a broader token, it cannot take a destructive action. Grant the minimum anyway; least privilege is the point.
Set the token via the GITHUB_TOKEN env var (see registration below). Never
commit a token.
Register in Claude / Cursor
Add to your MCP config (~/.claude.json under mcpServers, or Cursor's
mcp.json):
{
"mcpServers": {
"github-read": {
"command": "C:\\path\\to\\github-read-mcp\\.venv\\Scripts\\python.exe",
"args": ["-m", "github_mcp.server"],
"env": { "GITHUB_TOKEN": "github_pat_xxx_your_readonly_token" }
}
}
}
The command must be the venv interpreter (so the pinned deps are on the path),
and the working directory must be the repo root so -m github_mcp.server
resolves. Leave GITHUB_TOKEN as "" to run unauthenticated. Restart the client
to pick up the server.
Verify it works
# Hermetic unit/integration suite (no network, no token):
.venv/Scripts/python.exe -m pytest -q
# Live tests against the real unauthenticated GitHub API:
RUN_LIVE_GITHUB_TESTS=1 .venv/Scripts/python.exe -m pytest tests/test_live.py -v
# End-to-end MCP protocol smoke (spawns the server, drives it as a client would):
.venv/Scripts/python.exe scripts/smoke_mcp.py
Fail-soft behavior
Every failure mode returns a structured JSON envelope — a tool call never crashes the agent session:
{ "error": { "type": "rate_limited",
"message": "GitHub rate limit exhausted on the unauthenticated (60/hr) tier.",
"hint": "Set a GITHUB_TOKEN to raise the limit to 5000 req/hr.",
"retry_after_seconds": 118.4 } }
Handled: rate_limited, secondary_rate_limited, unauthorized, forbidden,
not_found, invalid_request, is_directory, binary_file, timeout,
network_error, bad_response, internal_error. A missing required
argument is rejected by the MCP SDK itself (protocol-level isError) before it
reaches the server.
Layout
github-read-mcp/
├── mcp.yaml # factory manifest (the deliverable spec)
├── github_mcp/
│ ├── server.py # MCP server: tools + fail-soft boundary
│ ├── client.py # GitHub client: auth, version-pin, fail-soft
│ ├── errors.py # error normalization
│ └── _scaffold_generated.py # original factory stub (provenance / before-after)
├── tests/ # 31 hermetic + 4 live (network-gated)
├── scripts/smoke_mcp.py # end-to-end MCP protocol smoke
├── requirements.txt # pinned runtime deps
└── requirements-dev.txt # pinned test deps
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.