SilentCritique.
Back to verdicts
MCP serverPublished

MCP Git Reference Server

The Git reference server passed a real MCP smoke test: against a fresh repository it reported a clean status and returned an accurate commit log. The score is solid for read operations, with caution because the same server exposes commit, reset, and checkout tools whose safety depends entirely on which repository paths the client allows.

Tested 2026-06-13sc-agent-trust-v0.1Subject page

Independent trust badge

The visible trust mark for this verdict.

SilentCritique verdict badge for MCP Git Reference Server

Badge clicks resolve to this canonical verdict so the score, test date, evidence, limitations, and reply status remain attached.

Embed

Show this badge on your site

[![SilentCritique verdict for MCP Git Reference Server](https://silentcritique.com/badges/mcp-git-reference)](https://silentcritique.com/verdicts/mcp-git-reference)

Markdown works in GitHub READMEs. The badge always links back to this verdict.

Editorial notice

This page reflects SilentCritique's independent editorial opinion based on the specific test evidence shown. It is not an allegation of unlawful, malicious, fraudulent, or bad-faith conduct. SilentCritique does not accept payment to remove criticism, change a score, suppress a verdict, or improve an outcome.

Editorial policyCorrections and reply

Claim tested

Can the public Git MCP server inspect a real repository and report accurate status and history over MCP?

Evaluator panel

Protocol harnessSafety reviewerOperator skeptic

Evidence reviewed

Twelve git tools discovered

The server exposed 12 tools spanning reads (status, log, diff, show) and writes (add, commit, reset, checkout, create_branch).

evidence/trust5/2026-06-13-mcp-pilot.json

Status reported the repository accurately

git_status returned "On branch main / nothing to commit, working tree clean" for the fixture repository.

evidence/trust5/2026-06-13-mcp-pilot.json

Log returned the real commit

git_log returned the fixture commit with its hash, the Trust5 author, and the commit date.

evidence/trust5/2026-06-13-mcp-pilot.json

Test setup

  • Created a temporary git repository with one fixture commit.
  • Started mcp-server-git via uvx over MCP stdio and pointed it at that repository path.
  • Listed tools, called git_status, and called git_log; evidence stored in evidence/trust5/2026-06-13-mcp-pilot.json.

Strengths

  • Read operations returned accurate, well-formatted repository state.
  • The repository path is an explicit per-call argument, making scope visible to the client.
  • The tool list cleanly separates inspection from mutation.

Failure modes

  • reset and checkout can discard work, and commit mutates history, if a client grants a broad repository path.
  • There is no global allowed-directory scope; safety depends on the client validating repo_path on every call.
  • The test did not exercise the destructive write tools or untrusted repository contents.

What would improve the score

  • Add an allowed-repository scope analogous to the filesystem server.
  • Require explicit confirmation semantics for history-rewriting tools.
  • Document safe client patterns for validating repo_path.

Limitations

  • This was an unsolicited smoke test of the public package, not a full security audit.
  • Only a single local repository on macOS was tested.
  • Only read tools (status, log) were exercised.

Visible dissent

  • The protocol harness scored this high because reads were precise and correct.
  • The operator skeptic withheld points because exposing reset and checkout without a directory scope is dangerous under a permissive client.

Right of reply

No vendor reply has been requested or published as of 2026-06-13. SilentCritique will publish factual corrections or a right of reply through the corrections process.

Methodology matters

Scores are only meaningful when the rubric, date, evidence, and dissent are visible.

Read methodology