Building a GitHub Stats MCP Server with Security Metrics

Ana Jimenez Santamaria Posted on May 31 Building a GitHub Stats MCP Server with Security Metrics # github # mcp # security # tutorial 👋 This is the second chapter of a series where I document what I'm learning about Model Context Protocol Architecture and Tool implementations In Chapter 1, I built a simple Calculator MCP Server. This time, I connected my MCP server to an external API, added the two other MCP structures (Resources and Prompts), and ended up with something useful for teams evaluating open source dependencies and ecosystem health: a security risk assessment tool powered by CHAOSS metrics, helping practitioners better interpret project health Let's first get into the theory and new concepts An Introduction to MCP Resources and Prompts We briefly mentioned in the last post about the MCP's primitives: Tools: Grants agency to the AI and are functions the LLM executes (e.g., get_repo_info()) Resources: Provides safe, contextual data the LLM can read a URL, a file, or an API response Prompts: Structure the conversation with expert context templates (e.g., You are a data scientist analyzing CHAOSS metrics ) For this project, I needed all three: Tools to fetch GitHub data, Resources to load the CHAOSS guide, and Prompts to give the LLM the right expert context. What is CHAOSS and why does it matter to build GitHUb Stats? CHAOSS is a Linux Foundation project that develops metrics and frameworks for measuring the health of open source communities. Their Practitioner Guides are particularly useful because they take complex community health topics, such as security, contributor sustainability, and responsiveness, and translate them into actionable metrics. These metrics can help anyone interpreting open source project data develop insights to improve the project’s health. The one I focused on building my server is the CHAOSS Security Practitioner Guide, which centers on three primary metrics: OpenSSF Best Practices Badge : whether the project follows OpenSSF secu