Github-Oauth MCP Server
Server Quality Checklist
Latest release: v1.0.0
- Disambiguation5/5
Each tool has a clearly distinct purpose in the OAuth flow and user data retrieval: authorize_github initiates the flow, get_access_token_from_code handles token exchange, get_user_profile fetches profile data, and get_user_repositories fetches repositories. There is no overlap or ambiguity between these operations.
Naming Consistency5/5All tools follow a consistent verb_noun pattern with snake_case (e.g., authorize_github, get_access_token_from_code). The naming is predictable and readable throughout the set.
Tool Count5/5With 4 tools, this server is well-scoped for its purpose of GitHub OAuth authentication and basic user data access. Each tool earns its place by covering essential steps in the OAuth flow and common user queries.
Completeness4/5The tool set covers the core OAuth flow (authorization, token exchange) and basic user data (profile, repositories), with no dead ends. A minor gap exists in lacking tools for more advanced GitHub operations (e.g., repository management or issue handling), but this is reasonable given the server's focused scope.
Average 3.2/5 across 4 of 4 tools scored.
See the Tool Scores section below for per-tool breakdowns.
- No issues in the last 6 months
- No commit activity data available
- No stable releases found
- No critical vulnerability alerts
- No high-severity vulnerability alerts
- No code scanning findings
- CI status not available
Add a LICENSE file by following GitHub's guide. Once GitHub recognizes the license, the system will automatically detect it within a few hours.
If the license does not appear after some time, you can manually trigger a new scan using the MCP server admin interface.
MCP servers without a LICENSE cannot be installed.
This repository includes a README.md file.
No tool usage detected in the last 30 days. Usage tracking helps demonstrate server value.
Tip: use the "Try in Browser" feature on the server page to seed initial usage.
Add a glama.json file to provide metadata about your server.
If you are the author, simply .
If the server belongs to an organization, first add
glama.jsonto the root of your repository:{ "$schema": "https://glama.ai/mcp/schemas/server.json", "maintainers": [ "your-github-username" ] }Then . Browse examples.
Add related servers to improve discoverability.
How to sync the server with GitHub?
Servers are automatically synced at least once per day, but you can also sync manually at any time to instantly update the server profile.
To manually sync the server, click the "Sync Server" button in the MCP server admin interface.
How is the quality score calculated?
The overall quality score combines two components: Tool Definition Quality (70%) and Server Coherence (30%).
Tool Definition Quality measures how well each tool describes itself to AI agents. Every tool is scored 1–5 across six dimensions: Purpose Clarity (25%), Usage Guidelines (20%), Behavioral Transparency (20%), Parameter Semantics (15%), Conciseness & Structure (10%), and Contextual Completeness (10%). The server-level definition quality score is calculated as 60% mean TDQS + 40% minimum TDQS, so a single poorly described tool pulls the score down.
Server Coherence evaluates how well the tools work together as a set, scoring four dimensions equally: Disambiguation (can agents tell tools apart?), Naming Consistency, Tool Count Appropriateness, and Completeness (are there gaps in the tool surface?).
Tiers are derived from the overall score: A (≥3.5), B (≥3.0), C (≥2.0), D (≥1.0), F (<1.0). B and above is considered passing.
Tool Scores
- Behavior2/5
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure. It states the action ('exchange') but lacks critical details: it doesn't specify authentication requirements, rate limits, error handling, or the nature of the returned access token (e.g., scope, expiration). This leaves significant gaps for a tool that performs a sensitive OAuth operation.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Conciseness5/5Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, efficient sentence with zero wasted words. It is front-loaded with the core action and resource, making it easy to parse. Every part of the sentence earns its place by conveying essential purpose.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Completeness2/5Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (OAuth token exchange), lack of annotations, no output schema, and poor schema coverage, the description is incomplete. It fails to address authentication needs, response format, error cases, or integration with sibling tools like 'authorize_github'. This leaves the agent under-informed for a security-sensitive operation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Parameters2/5Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 0% description coverage, with one parameter ('code') undocumented in the schema. The description adds minimal value by implying the parameter is an 'authorization code', but it doesn't explain the code's format, source, or validity constraints. This is inadequate compensation for the schema's lack of documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Purpose4/5Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose with a specific verb ('exchange') and resource ('authorization code for an access token'). It distinguishes itself from sibling tools like 'authorize_github', 'get_user_profile', and 'get_user_repositories' by focusing on token exchange rather than authorization initiation or data retrieval. However, it doesn't explicitly mention the OAuth context or differentiate from other potential token-related operations.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Usage Guidelines2/5Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing an authorization code from a prior step like 'authorize_github'), exclusions, or contextual cues. The agent must infer usage from the purpose alone, which is insufficient for optimal tool selection.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
- Behavior2/5
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure. It states 'fetch' but doesn't clarify if this is a read-only operation, what data format is returned, or any rate limits or authentication requirements. This leaves significant gaps in understanding the tool's behavior beyond the basic action.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Conciseness5/5Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, clear sentence that directly states the tool's purpose without any fluff. It's front-loaded and efficiently communicates the essential information, making it highly concise and well-structured.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Completeness2/5Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the lack of annotations and output schema, the description is incomplete. It doesn't explain what the repositories data includes, how it's formatted, or any error conditions. For a tool that likely returns structured data, this leaves the agent without enough context to use it effectively.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Parameters4/5Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 0 parameters with 100% coverage, so no parameter documentation is needed. The description appropriately doesn't add unnecessary param details, earning a baseline score of 4 for not overcomplicating a parameterless tool.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Purpose4/5Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('fetch') and resource ('repositories of the authenticated user'), making the purpose immediately understandable. However, it doesn't differentiate from sibling tools like 'get_user_profile', which might also retrieve user-related data, leaving room for improvement in sibling distinction.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Usage Guidelines2/5Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites like authentication, nor does it compare to sibling tools such as 'authorize_github' or 'get_user_profile', leaving the agent to infer usage context without explicit direction.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
- Behavior2/5
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure. It states this is a 'fetch' operation, implying it's likely read-only and non-destructive, but doesn't confirm this or address other behavioral aspects like rate limits, authentication requirements beyond 'authenticated', error handling, or response format. The description adds minimal value beyond the basic action, missing key details for safe and effective use.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Conciseness5/5Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, clear sentence that front-loads the essential information ('fetch the authenticated user's GitHub profile') with zero wasted words. It's appropriately sized for a simple tool with no parameters, making it easy to parse quickly without sacrificing clarity.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Completeness2/5Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the lack of annotations and output schema, the description is incomplete for effective tool use. It doesn't explain what data the profile includes, how authentication is handled, or potential errors, leaving significant gaps in understanding the tool's behavior and results. For a tool that likely returns user data, more context is needed to compensate for the missing structured information.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Parameters4/5Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 0 parameters with 100% coverage, so no parameter documentation is needed. The description appropriately doesn't discuss parameters, avoiding redundancy. This meets the baseline for tools with no parameters, as the description focuses on the tool's purpose rather than unnecessary parameter details.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Purpose4/5Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('fetch') and target resource ('authenticated user's GitHub profile'), making the purpose immediately understandable. It doesn't explicitly differentiate from sibling tools like 'get_user_repositories', but the specificity of 'profile' versus 'repositories' provides implicit distinction. The description avoids tautology by not merely restating the tool name.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Usage Guidelines3/5Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage context through 'authenticated user's', suggesting this tool should be used when the user is logged in, but it doesn't provide explicit guidance on when to use this versus alternatives like 'get_user_repositories' or prerequisites like needing authorization first. The context is implied rather than stated clearly, leaving some ambiguity about optimal usage scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
- Behavior2/5
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries full burden but only states what the tool does, not how it behaves. It doesn't disclose that this likely generates an OAuth URL with scopes/state parameters, whether it requires pre-configured client credentials, what the URL format is, or any rate limits. The description is minimal and misses important behavioral context for an auth tool.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Conciseness5/5Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, efficient sentence that directly states the tool's purpose with zero wasted words. It's appropriately sized for a simple tool with no parameters and gets straight to the point without unnecessary elaboration.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Completeness3/5Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (0 parameters, no output schema, no annotations), the description is minimally complete but lacks important context. For an authorization tool, it should ideally mention this is for OAuth flow initiation, what happens after URL generation, or how it relates to sibling tools like 'get_access_token_from_code'. The description is adequate but leaves gaps in understanding the full workflow.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Parameters4/5Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The tool has 0 parameters with 100% schema description coverage, so the baseline is 4. The description doesn't need to explain parameters, and it correctly doesn't mention any. However, it doesn't add any semantic context about what might be configurable in the URL generation (like scopes), which could be helpful but isn't required.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Purpose4/5Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('Generate') and resource ('GitHub authorization URL') with a specific purpose ('for user authorization'). It distinguishes from siblings like 'get_access_token_from_code' which handles the next step in the OAuth flow. However, it doesn't explicitly mention this is for OAuth initiation or differentiate from other auth methods.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Usage Guidelines3/5Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies this tool should be used when starting user authorization, but doesn't explicitly state when to use it versus alternatives like direct token requests. It mentions 'user authorization' which provides some context, but lacks guidance on prerequisites (e.g., needing GitHub app credentials) or explicit exclusions.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
GitHub Badge
Glama performs regular codebase and documentation scans to:
- Confirm that the MCP server is working as expected.
- Confirm that there are no obvious security issues.
- Evaluate tool definition quality.
Our badge communicates server capabilities, safety, and installation instructions.
Card Badge
Copy to your README.md:
Score Badge
Copy to your README.md:
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Nikhil-Patil-RI/MCP-Github-Oauth'
If you have feedback or need assistance with the MCP directory API, please join our Discord server