The GitHub MCP server is the connection most Claude Code users get the most out of. Once it’s wired up, you stop pasting issue text and PR diffs into the terminal — Claude reads them directly, searches your code, and can open or review pull requests on your behalf.
This walks through the whole thing on Windows and WSL: creating a scoped token, adding the server, confirming the connection, and a couple of workflows that show why it’s worth it. It also covers the permission traps, because a GitHub token is a real credential and the server runs with whatever you give it.
If you haven’t set up any MCP servers yet, the MCP setup guide for Windows and WSL covers the basics this article assumes.
What you get when it’s connected
With the server running and a token in place, Claude can:
- Read, create, and comment on issues
- Open, review, and comment on pull requests
- Search code across the repos your token can see
- Read file contents and branch state without a local clone
- Inspect workflow runs and their status
How much of that it can actually do depends entirely on the token scope. A read-only token gives you triage and search; write access adds creating issues and PRs. Start narrow.
Create a scoped token first
Do this before adding the server. In GitHub, go to Settings → Developer settings → Personal access tokens → Fine-grained tokens and create one.
- Resource owner: your account or org
- Repository access: only the repos you want Claude to touch
- Permissions: start with read for Contents, Issues, Pull requests, and Metadata; add write only if you want Claude creating issues or PRs
Copy the token once — GitHub won’t show it again. The full permission reference is in the GitHub token docs.
Add the server
Store the token in an environment variable so it stays out of your shell history and config files.
On WSL or Linux:
export GITHUB_TOKEN="github_pat_your_token_here"
claude mcp add --transport http github https://api.githubcopilot.com/mcp \
--header "Authorization: Bearer ${GITHUB_TOKEN}"On native Windows PowerShell:
$env:GITHUB_TOKEN = "github_pat_your_token_here"
claude mcp add --transport http github https://api.githubcopilot.com/mcp --header "Authorization: Bearer $env:GITHUB_TOKEN"To make the token persist across PowerShell sessions, set it once with setx GITHUB_TOKEN "..." and reopen the terminal. The exact endpoint and header flags can change between releases, so cross-check the official MCP page if the add command errors.
Confirm it connected
Two ways to check:
claude mcp listThat prints configured servers and whether each one connected. Inside a session, run /mcp to see the GitHub server and the tools it exposes. If it shows as failed, the token or — on native Windows — a missing command wrapper is almost always the reason.
Example workflows
Once it’s live, you talk to Claude in plain language and it uses the GitHub tools itself.
Triage an issue and propose a fix. Point it at an issue and let it pull the context:
Read issue #482, find the relevant code in this repo, and draft a fix on a new branch.Claude reads the issue, searches the codebase through the server, and works from the real text instead of a summary you typed.
Review a pull request. Ask for a review of an open PR:
Review PR #91. Check for missing error handling and flag anything that needs a test.It reads the diff and discussion and comes back with specific comments, which it can post if your token has write access.
Search across repos. Code search is one of the quiet wins:
Find every place we call the old auth helper across our repos.That’s the kind of question that’s slow to answer by hand and fast through the server.
Permissions and cautions
The convenience comes with real reach. A few habits keep it safe:
Token scope by workflow
| Read issues / PRs, search code | Read: Contents, Issues, Pull requests, Metadata |
|---|---|
| Create issues and PRs | Add Write: Issues, Pull requests |
| Triage only, no writes | Read-only across the board |
| One repo only | Scope token to that repository, not all repos |
Beyond scope, treat issue and PR text as untrusted input. A comment can contain text that reads like an instruction to the agent — Claude should treat it as data, but you should still review actions before approving writes. For the broader picture, see Claude Code MCP security risks and best practices.
GitHub MCP setup checklist
- Create a fine-grained token scoped to specific repos
- Grant read first; add write only if you need it
- Set an expiration on the token
- Store the token in an environment variable, not in config
- Add the server with claude mcp add (HTTP transport)
- Verify with claude mcp list or /mcp
- Choose project scope for teams, but keep the token out of git
Wrapping up
The GitHub MCP server pays for itself the first time Claude reads an issue, finds the code, and drafts a fix without you leaving the terminal. The setup is short: a scoped fine-grained token, one claude mcp add command, and a quick /mcp check. The discipline is all in the token — grant the least access that covers your workflow, keep it in an environment variable, and never commit it.
Next, see which other servers are worth your context in the best MCP servers for Claude Code in 2026.
