Public scan brief
github/github-mcp-server security scan
Partial no-execution triage for the public GitHub MCP Server repo. This is a heuristic scan of selected public text files, not a commissioned audit, vulnerability disclosure, or security certification.
Repo: github/github-mcp-server
Score: 76/100 (heuristic)
Snapshot: 59 selected files scanned
Signals: 0 high / 2 medium / 1 low
Top findings
Account-mutating tool surfaces need explicit policy
The fetched slice shows auth, tests, and CI signals, while still flagging remote listener and write-action review areas. A scoped review would focus on repository/account mutation, token boundaries, transport exposure, and user-visible failure modes.
Medium: Remote listener needs an explicit exposure policy.
Medium: Write actions should have confirmation and test coverage.
Low: Credential paths detected; redaction appears present.
Pass: MCP, auth, tests, and CI signals appeared in the fetched slice.
Paid handoff
Convert this scan into a fixed-scope review
- Confirm tool inventory and read/write/destructive classification.
- Review GitHub token scopes, org/repo boundaries, and hosted transport assumptions.
- Validate write gates, redaction, retries, and failure states with source evidence.
- Pay USD $1,000 only after written scope acceptance.