copilot-cli-mcp-config
Manages GitHub Copilot CLI MCP server configurations using mcp-config.json for seamless integration and server management.
Install this skill
Security score
The copilot-cli-mcp-config skill was audited on Mar 4, 2026 and we found 24 security issues across 3 threat categories, including 5 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 81 | ```json |
Template literal with variable interpolation in command context
| 126 | ```json |
Template literal with variable interpolation in command context
| 179 | Use `${VAR_NAME}` syntax for variable substitution: |
Template literal with variable interpolation in command context
| 181 | ```json |
Template literal with variable interpolation in command context
| 206 | | **Env vars** | Supports `inputs` and `envFile` | Only `env` object with `${VAR}` syntax | |
Template literal with variable interpolation in command context
| 208 | | **Variable syntax** | Can use `inputs` references | Must use `${VARIABLE}` syntax | |
Template literal with variable interpolation in command context
| 212 | ```json |
Template literal with variable interpolation in command context
| 229 | ```json |
Template literal with variable interpolation in command context
| 249 | ```json |
Template literal with variable interpolation in command context
| 277 | ```json |
Template literal with variable interpolation in command context
| 357 | - Ensure using `${VAR_NAME}` syntax (not `$VAR_NAME`) |
Template literal with variable interpolation in command context
| 372 | 3. Replace `inputs` with `env` and use `${VAR}` syntax |
Access to hidden dotfiles in home directory
| 3 | description: Manage GitHub Copilot CLI MCP server configuration using mcp-config.json. Use when configuring MCP servers for GitHub Copilot CLI in ~/.copilot or custom paths, adding local/remote MCP se |
Access to hidden dotfiles in home directory
| 13 | **Default**: `~/.copilot/mcp-config.json` |
Access to hidden dotfiles in home directory
| 18 | # In ~/.zshrc or ~/.bashrc |
Access to hidden dotfiles in home directory
| 207 | | **Location** | `.vscode/mcp.json` or global settings | `~/.copilot/mcp-config.json` or `$XDG_CONFIG_HOME/.copilot/mcp-config.json` | |
Access to hidden dotfiles in home directory
| 304 | # In ~/.zshrc or ~/.bashrc |
Access to hidden dotfiles in home directory
| 322 | if ! grep -q 'export XDG_CONFIG_HOME=' ~/.bashrc; then |
Access to hidden dotfiles in home directory
| 323 | echo "export XDG_CONFIG_HOME=\"$GH_CLI_CONFIG_DIR\"" >> ~/.bashrc |
Access to hidden dotfiles in home directory
| 353 | - Check logs in `~/.copilot/logs/` or `$XDG_CONFIG_HOME/.copilot/logs/` |
Access to hidden dotfiles in home directory
| 378 | **Personal configuration**: Store in default `~/.copilot/mcp-config.json` |
External URL reference
| 131 | "url": "https://api.githubcopilot.com/mcp/readonly", |
External URL reference
| 260 | "url": "https://api.githubcopilot.com/mcp/readonly", |
External URL reference
| 390 | - [Original article by Mikoshiba Kyu](https://dev.to/mikoshiba-kyu/managing-github-copilot-cli-mcp-server-configuration-in-your-repository-58i6) |
Install this skill with one command
/learn @arisng/copilot-cli-mcp-config