GitHub MCP — wraps the GitHub public REST API (no auth required for public endpoints)
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
GitHub MCP — wraps the GitHub public REST API (no auth required for public endpoints)