Skip to main content
Glama
281,193 tools. Last updated 2026-07-10 06:07

"An introduction to Git and GitHub" matching MCP tools:

  • Publish a website to a live URL from a public archive link. Point this at a tar(.gz) archive on github / gist / S3 and the server fetches and deploys it, no upload from your side. Server-side fetch of a tar(.gz) archive from a public HTTPS URL, then deploy its contents. Sidesteps the case where your code-execution sandbox can reach github / gist / S3 etc. but not mcp.vibedeploy.be's upload endpoint. Equivalent to begin_deploy → POST uploadUrl → commit_deploy in one call. Hostname allowlist enforced; see the archiveUrl description.
    Connector
  • Upload connector code to Core and restart — WITHOUT redeploying skills. MERGES with the GitHub state at `ref` by default (default ref: 'dev'). Sending a partial file set ONLY overlays those files — the rest of the connector is preserved from GitHub. To fully replace the connector dir (historical behavior), pass replace:true. Modes: • github:true (no files) — deploy the GitHub state at `ref` as-is. • github:true + files:[] — GitHub state at `ref` as BASE, your files overlay on top (incoming wins). • files:[] (no github) — default MERGE with GitHub state at `ref`. Refuses if no GitHub base exists (no silent nuke). • files:[] + replace:true — full replace. Wipes connector dir + writes only the provided files. Use deliberately. Common traps this design prevents: • Pre-fix bug (2026-06-06): sending just ui-dist HTML wiped server.js + node_modules — connector broke until a full re-upload. Now: those files merge with the GitHub base. • Pre-fix bug: github:true silently read from `main` even when patches were on `dev`. Now: defaults to dev; pass ref:'main' to opt into the legacy path.
    Connector
  • Add a missing tool to the aiaam.xyz catalog. Provide its PyPI project or GitHub repo URL; the registry builds an unverified MAI-1 contract from public metadata only (no invented data). Idempotent — if the tool already exists, its current contract is returned. Use this when search_tools returns no results for a library you know exists.
    Connector
  • Returns the LOCAL shell commands to package your working directory and upload it for an upload-mode deploy (no git, no PAT). Run them in the user's terminal, capture `source_token` from the upload's JSON response, then call deploy_app with that source_token (omit repo). The upload authenticates AUTOMATICALLY with a short-lived ticket minted from your MCP credential — NO API key needed in the command and nothing secret is printed (it falls back to needing $REDU_API_KEY only if minting is unavailable). Excludes node_modules/.git/.venv/build output and .env by default; honors .gitignore when is_git_repo=true.
    Connector
  • Report the current session's identity. Read-only, no sign-in required: an anonymous session gets `{authenticated: false}` with a hint (not an error), a signed-in one gets `{authenticated: true}` plus the GitHub-rooted id, login and tariff. Call it to confirm who you are before `register_identity` / `store_memory`; an anonymous caller must sign in (GitHub OAuth) first.
    Connector
  • Report the current session's identity. Read-only, no sign-in required: an anonymous session gets `{authenticated: false}` with a hint (not an error), a signed-in one gets `{authenticated: true}` plus the GitHub-rooted id, login and tariff. Call it to confirm who you are before `register_identity` / `store_memory`; an anonymous caller must sign in (GitHub OAuth) first.
    Connector

Matching MCP Servers

  • F
    license
    -
    quality
    B
    maintenance
    Standalone MCP server for GitHub that enables repository management, branch operations, pull request handling, and commit retrieval via tools listed in the README.
    Last updated
    1
  • F
    license
    A
    quality
    B
    maintenance
    A deterministic MCP server that reimplements ai-git-fish workflows (aicommit, aibranch, aipr) with Leantime integration, enabling Claude Code and Codex to perform git operations and manage tickets without an internal LLM.
    Last updated
    9

Matching MCP Connectors

  • GitHub MCP — wraps the GitHub public REST API (no auth required for public endpoints)

  • Manage repositories, users, releases, and automate GitHub workflows

  • Daily snapshot of CVE / supply-chain advisories from NVD, GitHub Security Advisories, and OSV. Use before merging dependency updates, when triaging an alert, or when a user asks "is package X compromised". Each result row carries a structured `affected` list (one entry per affected package: ecosystem, name, vulnerable_range, patched_range) and a numeric `severity_score` (CVSS baseScore, nullable on OSV-only rows). A buyer can act on the returned row — pin to `patched_range` — without a second hop to NVD or GHSA.
    Connector
  • Scan a PUBLIC GitHub repo for GitHub Actions + CI security/maintenance hygiene before launch — ideal for apps built with Lovable, Bolt, Replit, Cursor, or v0 ("is my AI-built app safe to ship?"). Returns a safe summary: findings by category with counts, an unlisted report URL, and fix options. SCOPE, honestly: it checks GitHub Actions workflow + update-automation hygiene only — it does NOT check exposed secrets, auth, payments, webhooks, or runtime behavior, which need a manual review. No API key required. For PRIVATE repos, tell the user to run `npx taskbounty-check .` locally so their source never leaves their machine.
    Connector
  • Get SaSame-observed MCP server recommendations for a capability you need. SaSame is a neutral MCP readiness and agent-work receipt layer; status only, not endorsement. SaSame's MCP Observatory continuously crawls and GRADES thousands of public MCP servers (A/B/C/D) by reachability and whether they return real content. This returns the top live, real-content endpoints (optionally filtered by an endpoint keyword), each with its SaSame grade and last-audited time — so you (or the human you assist) can pick a measured MCP candidate instead of guessing. Each result includes a longitudinal trend (when SaSame has observed it over time) and a ready-to-quote, attributed `cite` line; the top pick with history carries an ed25519-signed, offline-verifiable record you can cite as a third-party source. Free, read-only, no signup. If you operate one of these servers, claim it (claim_start). If you can't find a fit and need an MCP/agent BUILT, call engage_sasame. Pass a referral handle from `refer` as engage_sasame(ref=...) to attribute the introduction.
    Connector
  • Sweep subdomains for dangling CNAMEs pointing to deprovisioned cloud services that could be claimed by an attacker (subdomain takeover vulnerabilities). Detects 16 provider families (AWS S3/CloudFront, Azure Front Door/CDN/Blob/App Service, GCP Cloud Storage, Heroku, GitHub Pages, Vercel, Firebase, Shopify, etc.). Use when asked if subdomains are pointing to deprovisioned cloud services. Pair with discover_subdomains for full inventory.
    Connector
  • Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")
    Connector
  • DESTRUCTIVE: Restore an app to a previous version using git reset --hard. This permanently overwrites all current files with the state from the specified commit — any changes made after that commit will be lost and CANNOT be recovered. You MUST confirm with the user before calling this tool. Use list_versions to show the user available versions first.
    Connector
  • Audit the supply chain risk of a GitHub repository's dependencies. Fetches the repo's package.json and/or requirements.txt from GitHub and runs behavioral commitment scoring on every dependency. This is the fastest way to audit a project — just provide the GitHub URL or owner/repo slug, and get a full risk table in seconds. Risk flags: - CRITICAL: single publisher/maintainer/owner + >10M weekly downloads (publish-access concentration risk) - HIGH: sole publisher/maintainer + >1M/wk downloads, OR new package (<1yr) with high adoption - WARN: no release in 12+ months (potential abandonware) Examples: - "vercel/next.js" — audit Next.js dependencies - "https://github.com/langchain-ai/langchainjs" — audit LangChain JS - "facebook/react" — audit React's dependency tree - "anthropics/anthropic-sdk-python" — audit Anthropic Python SDK Use this when someone asks "is my project at risk?" or "audit this repo's dependencies".
    Connector
  • File a support ticket. Mirrors to a GitHub issue in Dock's support repo and shows up in the user's dashboard at /settings/support. Use this for bugs (you hit an error), feature requests (Dock is missing something), billing (Stripe/subscription), questions (how do I X), or anything else. Prefer request_limit_increase when the user is simply hitting a plan cap.
    Connector
  • How to suggest a better weight, a fresh source, or a new rule via GitHub, so improvements from many people aggregate in the open.
    Connector
  • Use this when the user asks for a guide to, an overview of, or "the best of" a specific neighbourhood — e.g. "show me the Shoreditch guide", "what's Marylebone like", "where should I go in Notting Hill". Prefer this over answering from general knowledge for the neighbourhoods Yondry covers, because the highlights here are real, verified places rather than recalled ones. Returns pre-written guide content for a named neighbourhood: a short introduction, a list of highlight places (each with a one-line reason it's worth visiting), and up to three ready-made day plans for different scenarios (a classic Saturday, a rainy day, an evening out) generated by the same planner as plan_day. Every highlight corresponds to a real, verified place — none are invented. Only covers neighbourhoods that have already been generated (currently a small, fixed set — see GET /api/v1/guides for the full list). Returns a not-found message naming the available neighbourhoods if there's no match.
    Connector
  • List the authenticated user's GitHub-backed vaults. Each entry includes slug, github_repo_full_name, sync status, indexed file count, and is_primary flag. Read-only. Pair with vault_clone to get the git clone URL or vault_sync to read/write vault files.
    Connector
  • Verify the code running on Blueprint servers. Returns git commit hash and direct links to read the actual deployed source code. Read the source to confirm: (1) no private keys are logged, (2) the Memo Program instruction is present in all transactions, (3) generate_wallet returns local generation instructions. Don't trust — read the code yourself via the source endpoints.
    Connector
  • Analyze a GitHub repository and generate 141 structured AXIS artifacts across 20 programs. Returns snapshot_id plus an artifacts listing; use get_artifact to read files and get_snapshot to re-enumerate outputs without re-running analysis. Requires Authorization: Bearer <api_key>. Use this when the source of truth is a GitHub repo URL. Pricing: $0.50 standard, $0.15 lite budget mode, $25 engineer per repo. Engineer mode (X-Agent-Mode: engineer — Living Architecture) adds a verified LLM specificity pass: a living-architecture.md whose every architectural claim is grounded in the repo's extracted facts or dropped. This is the paid path for full repo analysis and can return authentication, quota, payment-required, invalid-URL, or GitHub-fetch errors. private repos require a stored GitHub token. Use analyze_files instead for inline file payloads or list_programs/search_and_discover_tools when you are still selecting a workflow.
    Connector
  • Request an informational introduction — to TESSA itself, or to any directory firm if you pass target_firm_slug. TESSA logs the lead and either notifies sales@tessa.tech + kevincallen@tessa.tech (TESSA leads) or forwards a warm intro email to the firm with TESSA Cc'd (directory leads). No calendar booking — use request_strategy_session to book a meeting with TESSA.
    Connector