code-review-mcp
MCP for automated GitHub PR review that flags security, quality and license issues and can list, inspect and review PRs.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for code-review-mcp, derived from its capabilities.
AIVSS 8.6 · High
View MAESTRO 7-layer threat model →
Overview
code-review-mcp automates code review of GitHub pull requests, checking for security, quality and license issues and providing tools to list, inspect and review PRs. Security surface: it authenticates with a GITHUB_TOKEN that has repo access, and it ingests PR diffs (untrusted contributor code) that it then reasons over, so the diff content is an input an attacker-controlled contributor can shape.
Key features
- Automated PR review
- Security, quality and license checks
- List/inspect/review PR tools
- GitHub token auth
Use cases
- Auto-review incoming pull requests
- Flag risky dependencies or licenses in a PR