code-review-mcp
MCP for automated GitHub PR review that flags security, quality and license issues and can list, inspect and review PRs.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for code-review-mcp, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
code-review-mcp automates code review of GitHub pull requests, checking for security, quality and license issues and providing tools to list, inspect and review PRs. Security surface: it uses a GITHUB_TOKEN with repo access and ingests PR diffs (untrusted contributor code) that it then reasons over.
Key features
- Automated PR review
- Security, quality and license checks
- List/inspect/review PR tools
- GitHub token auth
Use cases
- Auto-review incoming pull requests
- Flag risky dependencies or licenses in a PR