badchars/github-security-mcp
GitHub security posture analysis for AI agents — 39 MCP tools, 45 checks across org, repos, Actions, secrets, supply chain, and access control
Platform-specific configuration:
```json
{
  "mcpServers": {
    "github-security-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "github-security-mcp"
      ]
    }
  }
}
```

Add the config above to `.claude/settings.json` under the `mcpServers` key.
<p align="center"> <br> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/badchars/github-security-mcp/main/.github/banner-dark.svg"> <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/badchars/github-security-mcp/main/.github/banner-light.svg"> </picture> </p>
<h3 align="center">GitHub security posture analysis for AI agents.</h3>
<p align="center"> GitHub Enterprise security features cost $21/user/month.<br> This gives your AI agent <b>the same visibility for free</b> — org, repos, Actions, secrets, supply chain. </p>
<br>
<p align="center"> <a href="#the-problem">The Problem</a> • <a href="#how-its-different">How It's Different</a> • <a href="#quick-start">Quick Start</a> • <a href="#what-the-ai-can-do">What The AI Can Do</a> • <a href="#tools-reference-39-tools">Tools</a> • <a href="#check-registry-45-checks">Checks</a> • <a href="#architecture">Architecture</a> </p>
---
GitHub security is fragmented. You need separate tools for org settings, repo configurations, Actions workflow analysis, secret scanning, supply chain, and access control. No single tool covers it all, and none work with AI agents.
Traditional workflow:
manually check org settings