# GitHub App

The MCPShield GitHub App posts security comments on pull requests and enables private repo scanning for Pro users.
## What It Does

### PR Security Comments

When a pull request modifies MCP server configuration, the app automatically scans the changes and posts a comment with the security grade, findings, and recommendations. Available on all tiers (up to 10 scans/day per installation).

### Private Repo Access

Pro subscribers can scan private repositories from the dashboard or API. The GitHub App provides the read-only token needed to access private code during the scan. See Private Repo Scanning.
## Installation

1. Go to the GitHub App page on MCPShield.
2. Click Install GitHub App. You will be redirected to GitHub.
3. Choose whether to install on all repositories or only selected repositories. For private repo scanning, make sure the target repos are selected.
4. Click Install. GitHub redirects you back to MCPShield.
5. You're done. The app will automatically comment on PRs, and (for Pro subscribers) your private repos are now scannable from the dashboard.
## Permissions

The MCPShield GitHub App requests minimal permissions:

| Permission | Access | Purpose |
|---|---|---|
| Repository contents | Read-only | Read MCP server configuration files for scanning |
| Pull requests | Read & write | Post security analysis comments on PRs |
| Metadata | Read-only | Required by GitHub for all apps |
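
A practical way to confirm that an installation still matches the table above is to pull your installations from GitHub (for example `gh api /user/installations`) and diff the granted permissions against the documented set. The script below is an added example, not MCPShield's own code: it takes a constructed payload shaped like that endpoint's `installations` array (the ids, the `mcpshield` app slug, and the over-broad second installation are all assumptions made up for the demo) and reports any scope that is extra, escalated beyond the documented level, or missing, alongside whether the app was granted all repositories or only selected ones.

```python
import json

# Permissions the table above documents for the app
# (GitHub permission key -> access level).
EXPECTED_PERMISSIONS = {
    "contents": "read",
    "pull_requests": "write",
    "metadata": "read",
}

# Constructed sample shaped like the "installations" array returned by
# GET /user/installations. Ids and the app slug are placeholders, not real data;
# installation 1002 is deliberately over-granted to show what a finding looks like.
SAMPLE_INSTALLATIONS_JSON = """
{
  "total_count": 3,
  "installations": [
    {"id": 1001, "app_slug": "mcpshield", "repository_selection": "selected",
     "permissions": {"contents": "read", "pull_requests": "write", "metadata": "read"}},
    {"id": 1002, "app_slug": "mcpshield", "repository_selection": "all",
     "permissions": {"contents": "write", "pull_requests": "write",
                     "metadata": "read", "issues": "write"}},
    {"id": 1003, "app_slug": "some-other-app", "repository_selection": "all",
     "permissions": {"contents": "write"}}
  ]
}
"""

# Ordering of GitHub access levels so "granted more than documented" is a comparison.
ACCESS_RANK = {"read": 1, "write": 2, "admin": 3}


def audit_permissions(granted, expected=EXPECTED_PERMISSIONS):
    """Compare one installation's granted permissions with the documented set.

    Returns a dict with:
      extra     - scopes granted that the documentation never mentions
      escalated - documented scopes granted at a higher level than documented
      missing   - documented scopes the installation lacks (scans may fail)
      ok        - True only when all three lists are empty
    """
    extra = sorted(scope for scope in granted if scope not in expected)
    escalated = sorted(
        scope for scope, level in granted.items()
        if scope in expected
        and ACCESS_RANK.get(level, 0) > ACCESS_RANK[expected[scope]]
    )
    missing = sorted(scope for scope in expected if scope not in granted)
    return {
        "ok": not (extra or escalated or missing),
        "extra": extra,
        "escalated": escalated,
        "missing": missing,
    }


def audit_installations(payload_json, app_slug="mcpshield"):
    """Audit every installation of app_slug in a /user/installations payload.

    Returns {installation_id: audit result}; repository_selection is carried
    along so an "all repositories" grant is visible next to permission findings.
    """
    payload = json.loads(payload_json)
    results = {}
    for inst in payload.get("installations", []):
        if inst.get("app_slug") != app_slug:
            continue  # other apps are out of scope for this check
        result = audit_permissions(inst.get("permissions", {}))
        result["repository_selection"] = inst.get("repository_selection")
        results[inst["id"]] = result
    return results


if __name__ == "__main__":
    for inst_id, result in audit_installations(SAMPLE_INSTALLATIONS_JSON).items():
        status = "OK" if result["ok"] else "REVIEW"
        print(f"installation {inst_id}: {status} {result}")
```

Run it against the real payload by replacing `SAMPLE_INSTALLATIONS_JSON` with the output of `gh api /user/installations`; any installation marked `REVIEW` has drifted from the permission set documented here and is worth re-checking in GitHub Settings before trusting its scans.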
## Rate Limits

The GitHub App is limited to 10 automatic PR scans per day per installation. This is separate from your API or dashboard scan limits. Manual scans of private repos from the dashboard count toward your normal tier limits.
## Uninstalling

To uninstall, go to your GitHub Settings → Applications → Installed GitHub Apps, find MCPShield, and click Configure, then Uninstall. This immediately revokes access and stops PR comments.