Describe the feature or problem you’d like to solve

Currently, the MCP server documentation instructs users toenable the permissions that you feel comfortable granting your AI tools when creating a GitHub Personal Access Token. However, it does not specify precisely which permissions are required for each available command, such as get_issue, create_issue, get_file_contents etc... This ambiguity forces users to cross-reference GitHub's documentation, increasing setup time and potentially causing misconfiguration.

Proposed solution

Explicitly list the required GitHub Personal Access Token permissions alongside each command/action within the MCP server documentation. For example:

• merge_pull_request - Merge a pull request

  • owner: Repository owner (string, required)
  • repo: Repository name (string, required)
  • pullNumber: Pull request number (number, required)
  • commit_title: Title for the merge commit (string, optional)
  • commit_message: Message for the merge commit (string, optional)
  • merge_method: Merge method (string, optional)

  merge_pull_request Access Token Required Permissions:

  • Contents(R) – Read access
  • Discussions(RW) – Read/Write access
  • Followers(R) – Read access

Note: This is an example and could be in a different format or shape.

How will it benefit GitHub MCP Server and its users?

Providing this information directly within the MCP documentation next to each action would make it clear what permissions need to be activated, reduce confusion, and improve security by clearly communicating which permissions are necessary for each action.