Skillget

github-stars

mcp
Security Audit
Warn
Health Pass
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 105 GitHub stars
Code Warn
  • process.env — Environment variable access in scripts/index.js
  • network request — Outbound network request in scripts/index.js
  • network request — Outbound network request in src/index.js
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose

This tool is a Model Context Protocol (MCP) server hosted on Cloudflare that allows users to search their GitHub starred repositories using natural language queries via Cloudflare AutoRAG.

Security Assessment

Overall Risk: Medium. The tool relies on several sensitive environment variables (`GH_TOKEN`, Cloudflare R2 keys, and an `MCP_API_KEY`) to function, which is expected for this architecture. It does make outbound network requests to fetch repository data and communicate with Cloudflare APIs, but it does not execute arbitrary shell commands or request dangerous system permissions. No hardcoded secrets were detected in the code. While the architecture is sound, users must be careful to properly secure their API keys and ensure they do not expose their `MCP_API_KEY` publicly, as it acts as the primary authentication gateway.

Quality Assessment

The project demonstrates strong health and maintenance indicators. It is licensed under the permissive Apache-2.0 license and is highly active, with its most recent push occurring today. Backed by 105 GitHub stars, it shows a reasonable degree of community trust and adoption. The README is comprehensive, providing clear instructions for setup, local development, and deployment.

Verdict

Use with caution: The code is safe and well-maintained, but deploying it requires handling GitHub and Cloudflare API keys responsibly.
SUMMARY

A Cloudflare-powered MCP (Model Context Protocol) Server that allows you to search and query your GitHub starred repositories using natural language.

README.md

GitHub Stars MCP Server

A Cloudflare-powered MCP (Model Context Protocol) Server that allows you to search and query your GitHub starred repositories using natural language.

English | 简体中文

Overview

This project creates a searchable database of your GitHub starred repositories by:

  1. Fetching all your starred repositories using the GitHub API
  2. Extracting and processing the README files from each repository
  3. Uploading the processed data to Cloudflare R2 storage
  4. Using Cloudflare AutoRAG to create embeddings for efficient searching
  5. Exposing a MCP Server that allows querying these repositories via natural language

Features

  • Automatically fetches and processes GitHub starred repositories
  • Scheduled weekly updates via GitHub Actions
  • Stores repository metadata and README content
  • Provides semantic search capabilities through Cloudflare AutoRAG
  • Exposes a MCP-compatible API for integration with AI agents

Setup

Prerequisites

  • Node.js (v22 recommended)
  • PNPM package manager
  • GitHub Personal Access Token with repo scope
  • Cloudflare account

Configuration

  1. Clone this repository

  2. Set up Cloudflare R2:

    • Create a R2 bucket
    • Configure R2 access credentials

  3. Configure GitHub Secrets for the CI/CD workflow:

    • GH_TOKEN: GitHub token for fetching starred repositories
    • R2_ACCOUNT_ID: Cloudflare account ID
    • R2_ACCESS_KEY_ID: R2 access key
    • R2_SECRET_ACCESS_KEY: R2 secret key
    • R2_BUCKET: R2 bucket name

  4. Configure Cloudflare AutoRAG:

    • Create an AutoRAG instance in Cloudflare
    • Set the AUTO_RAG_NAME environment variable in your Cloudflare Worker
    • MCP_API_KEY: API key for securing MCP server access (generate a secure random string)

Local Development

To develop locally:

# Install dependencies
pnpm install

# Fetch your GitHub stars locally
pnpm dev:stars

# Run MCP server locally
pnpm dev:mcp

Deployment

Deploy to Cloudflare Workers:

pnpm deploy

The GitHub Action will automatically:

  1. Run weekly to update your starred repositories
  2. Upload the processed files to R2
  3. Rebuild the AutoRAG index

Usage

Once deployed, you can interact with the MCP Server using any MCP-compatible client:

API Key Authentication

The MCP server requires API key authentication for security. Include your MCP_API_KEY in the request headers:

Authorization: Bearer your-mcp-api-key

Endpoint

Streamable HTTP: https://your-worker-url.workers.dev

API Reference

MCP Tool: search_github_stars

Searches through your starred GitHub repositories.

Parameters:

  • query (string): Natural language query to search repositories

Response:

  • JSON result containing matching repositories and relevant README content

Reviews (0)

No results found