Describe the bug
MCP with GITHUB_PERSONAL_ACCESS_TOKEN and GITHUB_READ_ONLY asks for auth with lots of write rights.
Affected version
GitHub MCP Server
Version: v1.5.0
Commit: 8cd03c0
Build Date: 2026-06-27T07:57:40Z
Steps to reproduce the behavior
- Create GITHUB_PERSONAL_ACCESS_TOKEN with RO-access grants
- Run MCP from qwen-code with such configuration
"mcpServers": {
"github": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"ghcr.io/github/github-mcp-server"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "github_pat_...",
"GITHUB_READ_ONLY": 1
}
}
},
- Asks to show your open issues on github
- Find that additional MCP auth needed with lots of unwanted grants asked
✓ get_me (github MCP Server) {}
Visit https://github.com/login/device and enter the code XXXX-XXXX to authorize the GitHub MCP Server.
After authorizing, retry your request.
Expected vs actual behavior
- MCP use just the grants it could get from GITHUB_PERSONAL_ACCESS_TOKEN
- No additional authentication needed
- MCP disallow comands that need more grants that MCP has. Without attemps to get additional ones.
Logs
Describe the bug
MCP with GITHUB_PERSONAL_ACCESS_TOKEN and GITHUB_READ_ONLY asks for auth with lots of write rights.
Affected version
GitHub MCP Server
Version: v1.5.0
Commit: 8cd03c0
Build Date: 2026-06-27T07:57:40Z
Steps to reproduce the behavior
Expected vs actual behavior
Logs