GitHub MCP Server with Personal Access Token
Configure @modelcontextprotocol/server-github with a fine-grained Personal Access Token so Claude or Cursor can read repos, issues, and PRs.
Detailed Explanation
GitHub Server: Repo + Issue Access
The GitHub MCP server wraps the GitHub REST API behind MCP tools, letting the model search code, read issues, and (with the right scopes) open PRs.
Config
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx"
}
}
}
}
Generating a fine-grained token
- Go to Settings → Developer settings → Personal access tokens → Fine-grained tokens on github.com.
- Click Generate new token and pick Only select repositories rather than "All repositories" — this is the difference between a leak that exposes one repo and one that exposes your entire account.
- Under Repository permissions, grant Contents: Read-only and Issues: Read-only for read-only browsing. Add Pull requests: Read and write only if you want the model to open PRs.
- Copy the
ghp_...token and paste it into the env field. The token shows once — you cannot retrieve it later.
Why env, not args
API tokens belong in env rather than args for two reasons: process listings (ps aux) show args but rarely env, and the GitHub server reads tokens from the GITHUB_PERSONAL_ACCESS_TOKEN env var by convention so other MCP servers cannot accidentally see them.
Verifying the token
Decode the token's permissions in our JWT decoder is not possible — GitHub PATs are opaque, not JWTs — but you can run gh auth status after exporting GITHUB_TOKEN to the same value to confirm it works.
Use Case
Giving Claude Desktop the ability to answer 'what's open in the api repo right now?' or 'summarize the last 10 issues mentioning timeouts' without you copy-pasting GitHub web pages into the chat.