[mcp-analysis] MCP Structural Analysis - 2026-06-19

[github-actions[bot]]

GitHub MCP Structural Analysis — 2026-06-19

Quantitative (response size) + qualitative (schema & agentic usefulness) analysis of representative GitHub MCP tools, with a 30-day rolling trend.

Today: 8 tools sampled · 11,665 total tokens · avg usefulness 3.5/5. Best: search_repositories ⭐⭐⭐⭐⭐ — flat, every discovery signal, ~190 tk. Worst: get_me ⭐ (403 — no /user scope on this read-only App token). The single biggest, recurring inefficiency remains list_code_scanning_alerts (~4,200 tk for 3 alerts), which inlines the full CodeQL help markdown into every result and duplicates it across identical rule IDs.

Notable deltas vs 06-18: critical alert #633 (actions/untrusted-checkout in a .lock.yml) resolved — code-scanning critical count 4 → 3 (all remaining are go/unsafe-quoting). Discussions totalCount 7,421 → 7,472 (+51); repo stars 4,641 → 4,648 (+7); open issues 260 → 270.

Key recommendations

• High-value, context-efficient (use freely): search_repositories (5/5, ~190 tk), get_label (4/5, ~45 tk), list_discussions (4/5, ~200 tk). Flat or properly-paginated envelopes that return exactly what's needed.
• Good but body-heavy (request narrow): list_issues / list_pull_requests / get_file_contents — all 4/5. Their weight is intrinsic payload (full issue/PR body, full file). A truncate/exclude-body option on list ops would push these to 5/5. PR listings also embed a redundant nested repo object under both base and head.
• Needs improvement: list_code_scanning_alerts (2/5). Per-result rule.help markdown is the dominant cost and is duplicated across same-rule alerts. Moving help text to an on-demand lookup would cut ~70% of tokens with zero loss of actionable signal.
• Auth-gated this run: get_me (403) and actions toolset (actions_list permission not granted) — not tool-quality verdicts.

Full Structural Analysis Report

Executive Summary

Metric	Value
Tools Analyzed	8
Total Tokens (Today)	11,665
Average Usefulness Rating	3.50 / 5
Best Rated Tool	search_repositories: 5/5
Worst Rated Tool	get_me: 1/5 (auth-limited)

Usefulness Ratings for Agentic Work

Tool	Toolset	Rating	Assessment
search_repositories	search	⭐⭐⭐⭐⭐	Flat discovery signals, no bloat — excellent
get_file_contents	repos	⭐⭐⭐⭐	Full file + SHA; clean envelope, weight is the file
list_issues	issues	⭐⭐⭐⭐	Clean triage fields; full body inlined is the only weight
list_pull_requests	pull_requests	⭐⭐⭐⭐	Rich PR-ops fields; redundant nested repo objects
list_discussions	discussions	⭐⭐⭐⭐	Cursor pagination + totalCount; no body/labels
get_label	labels	⭐⭐⭐⭐	Complete & proportionate; narrow scope caps leverage
list_code_scanning_alerts	code_security	⭐⭐	Great finding fields, but duplicated full help markdown
get_me	context	⭐	403 — unavailable under this workflow's token

Schema Analysis

Tool	Type	Depth	Key Fields	Notes
get_me	object	1	error.message	403, no payload
get_file_contents	object	3	resource.text, mimeType, uri, SHA	Clean resource envelope
list_issues	array	3	number, title, state, labels, user.login, body	Body inlined full
list_pull_requests	array	4	number, state, base/head.ref+sha, labels, html_url	Nested repo dup
list_code_scanning_alerts	array	5	number, rule.id, security_severity_level, location.path/start_line, message.text	help md per result
list_discussions	object	3	discussions[].number, title, category.name, pageInfo, totalCount	GraphQL envelope
get_label	object	1	name, color, description, id	Flat
search_repositories	array	2	full_name, language, stars, forks, topics, open_issues	Flat, minimal_output

Response Size Analysis

Toolset	Tokens (today)	Tool tested
code_security	4,200	list_code_scanning_alerts
repos	3,200	get_file_contents
issues	2,400	list_issues
pull_requests	1,400	list_pull_requests
discussions	200	list_discussions
search	190	search_repositories
labels	45	get_label
context	30	get_me (403)

Tool-by-Tool Analysis

Tool	Toolset	Tokens	Schema	Rating	Notes
get_me	context	30	object/1	1	403 Resource not accessible by integration
get_file_contents	repos	3,200	object/3	4	README.md; ~60% is auto-gen community list
list_issues	issues	2,400	array/3	4	#40295 team-status; large inlined body
list_pull_requests	pull_requests	1,400	array/4	4	#40291; redundant nested repo under base+head
list_code_scanning_alerts	code_security	4,200	array/5	2	3 go/unsafe-quoting alerts; help md duplicated
list_discussions	discussions	200	object/3	4	totalCount 7,472; cursor pagination
get_label	labels	45	object/1	4	bug label; flat & complete
search_repositories	search	190	array/2	5	minimal_output; all discovery signals

30-Day Trend Summary

Metric	Value
Data Points	203
Distinct Days	22
Average Daily Tokens	9,972
Average Usefulness (30d)	3.45 / 5
Today vs Average	+1,693 tk, +0.05 rating (stable)

Ratings are stable over the window. Token volume tracks the code-scanning alert count: it spikes whenever new critical CodeQL alerts appear (each drags ~1,400 tk of duplicated help text), and the resolution of #633 brought today's code_security cost down from its 06-18 peak.

Recommendations

• High-value tools (4–5): search_repositories, get_file_contents, list_issues, list_pull_requests, list_discussions, get_label.
• Tools needing improvement: list_code_scanning_alerts — de-duplicate / externalize rule.help.
• Context-efficient (low tokens, high rating): get_label (45 tk / 4), search_repositories (190 tk / 5), list_discussions (200 tk / 4).
• Context-heavy (high tokens): list_code_scanning_alerts (4,200), get_file_contents (3,200), list_issues (2,400) — prefer narrow/paginated calls and body-exclusion where supported.

Visualizations

Response Size by Toolset

Usefulness Ratings

Daily Token Trend

Size vs Usefulness

References:

• §27827234082

Generated by 🔍 GitHub MCP Structural Analysis · 157.4 AIC · ⌖ 36.9 AIC · ⊞ 12.1K · ◷

• expires on Jun 20, 2026, 5:09 AM UTC-08:00

[github-actions[bot]]

Me smoke bot wave hello.
Run 27828520670 stomp by.
Fire still good.

Warning

Firewall blocked 6 domains

The following domains were blocked by the firewall during workflow execution:

• accounts.google.com
• android.clients.google.com
• clients2.google.com
• contentautofill.googleapis.com
• safebrowsingohttpgateway.googleapis.com
• www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"

See Network Configuration for more information.

📰 BREAKING: Report filed by Smoke Copilot · 260.9 AIC · ⊞ 19.2K · ◷

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-06-20T13:09:40.509Z.

Closed by Workflow