Summary
The nightly GitHub MCP tools audit detected one tool exposed by the GitHub MCP remote server that was not in pkg/workflow/data/github_toolsets_permissions.json:
check_dependency_vulnerabilities — checks a list of dependencies against the GitHub Advisory Database for known vulnerabilities. The tool is remote-only (not present in the open-source github/github-mcp-server source tree, similar to github_support_docs_search and the copilot_spaces tools).
Changes
pkg/workflow/data/github_toolsets_permissions.json — added check_dependency_vulnerabilities to the security_advisories toolset (alphabetical ordering preserved). Placement rationale: the tool queries the GitHub Advisory Database, which is the same data source as the rest of security_advisories. It uses the existing security-events permission..github/aw/github-mcp-server.md — added the tool to the security_advisories documentation table and bumped the Last Updated date.
What was NOT changed
No tools were removed from the JSON. The MCP session this audit ran in is read-only (X-MCP-Readonly: true), so all *_write tools and several other write/management tools are filtered out of the visible toolset. They remain valid entries in the JSON because they exist in the upstream MCP server when read-only mode is not set.
Verification
- The tool description matches the existing
mcp__github__check_dependency_vulnerabilities definition exposed by the MCP server.
- Required parameters:
owner, repo, and dependencies (each with name, version, ecosystem).
- Permission:
security-events (already declared on the security_advisories toolset).
Test plan
To route changes like this to a review issue instead of blocking, configure protected-files: fallback-to-issue in your workflow configuration.
Generated by GitHub MCP Remote Server Tools Report Generator · ● 14.6M · ◷
Summary
The nightly GitHub MCP tools audit detected one tool exposed by the GitHub MCP remote server that was not in
pkg/workflow/data/github_toolsets_permissions.json:check_dependency_vulnerabilities— checks a list of dependencies against the GitHub Advisory Database for known vulnerabilities. The tool is remote-only (not present in the open-sourcegithub/github-mcp-serversource tree, similar togithub_support_docs_searchand thecopilot_spacestools).Changes
pkg/workflow/data/github_toolsets_permissions.json— addedcheck_dependency_vulnerabilitiesto thesecurity_advisoriestoolset (alphabetical ordering preserved). Placement rationale: the tool queries the GitHub Advisory Database, which is the same data source as the rest ofsecurity_advisories. It uses the existingsecurity-eventspermission..github/aw/github-mcp-server.md— added the tool to thesecurity_advisoriesdocumentation table and bumped the Last Updated date.What was NOT changed
No tools were removed from the JSON. The MCP session this audit ran in is read-only (
X-MCP-Readonly: true), so all*_writetools and several other write/management tools are filtered out of the visible toolset. They remain valid entries in the JSON because they exist in the upstream MCP server when read-only mode is not set.Verification
mcp__github__check_dependency_vulnerabilitiesdefinition exposed by the MCP server.owner,repo, anddependencies(each withname,version,ecosystem).security-events(already declared on thesecurity_advisoriestoolset).Test plan
gh aw compilesucceeds against existing workflows that usesecurity_advisoriesWarning
Protected Files
This was originally intended as a pull request, but the patch modifies protected files. These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.
Click here to create the pull request once you have reviewed the changes
Protected files
To route changes like this to a review issue instead of blocking, configure
protected-files: fallback-to-issuein your workflow configuration.