Connecting GitHub, Slack, and DB to Claude Code with MCP (Model Context Protocol) — How AI Takes Direct Action on External Systems
Have you ever wished you could just tell Claude Code, "Leave a comment on this PR"? I used to treat AI as nothing more than a code-writing tool, but everything changed once I discovered MCP. The moment I typed "Create a draft PR for issue #42" and watched Claude directly call the GitHub API to open the PR, I immediately realized this was a completely different paradigm.
How is that possible? The key is MCP (Model Context Protocol). It's an open-source standard protocol released by Anthropic in November 2024 that defines a unified specification for communication between AI and external systems. It's often compared to "USB-C for AI" — meaning you can plug in any tool with just a few lines of JSON, without writing separate integration code for each system. This article covers the concrete configuration files for connecting GitHub, Slack, and PostgreSQL to Claude Code, along with a security checklist you absolutely must go through in production.
There's a particular reason now is a great time for this. In December 2025, Anthropic transferred MCP to the Agentic AI Foundation under the Linux Foundation, significantly reducing concerns about vendor lock-in. OpenAI, Google DeepMind, and Microsoft have also added support, making it effectively common industry infrastructure. As of May 2026, the official registry alone lists over 9,600 registered servers. Learn this now, and this knowledge carries over no matter which AI tool you switch to.
Core Concepts
MCP Architecture: Three Layers
MCP consists of three main components.
| Component | Role | Examples |
|---|---|---|
| MCP Host | AI client that converses with the user and invokes tools | Claude Code, Claude Desktop, Cursor |
| MCP Server | Lightweight process responsible for connecting to external systems | server-github, server-slack, server-postgres |
| Transport Layer | Communication method between Host and Server | stdio (local), Streamable HTTP (remote standard), SSE (legacy) |
At first, the word "server" made me think I needed to deploy something somewhere, but the local method (stdio) is just a process that runs with a single npx command. No separate server infrastructure required.
Choosing a Transport method: For local development or personal tools,
stdiois simple and fast. For cases requiring remote access — like shared team environments or CI/CD pipelines — Streamable HTTP is recommended. Added as the official remote transport method starting with the MCP 2025-03-26 spec, while the existing HTTP/SSE is being classified as a legacy path.
Two Ways to Register an MCP Server in Claude Code
Prerequisites: Most MCP servers use
npx, so Node.js 18 or higher must be installed.
Method 1: Instant registration via CLI (HTTP method)
claude mcp add -s user --transport http github \
https://api.githubcopilot.com/mcp \
-H "Authorization: Bearer YOUR_GITHUB_PAT"Here, -s user specifies the scope as user. The project scope only works within the current project, but specifying user makes this MCP server available across all projects where you run Claude Code.
Method 2: Per-project management via .mcp.json file (stdio method)
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PAT}"
}
}
}
}Although the two methods look similar in their results, they actually use completely different transports. Method 1 connects directly to GitHub's remote MCP endpoint via HTTP, while Method 2 spins up a server process locally with npx and communicates over stdio. If you want to share configuration with teammates, placing .mcp.json in the project root is convenient. However, don't commit a .mcp.json containing actual token values — only store the environment variable reference form (${GITHUB_PAT}) in the repository.
Practical Application
Example 1: GitHub — From PR Automation to Code Search
When I first set up GitHub MCP and typed "Show me the list of currently open issues," I was pretty surprised to watch Claude actually call the GitHub API and retrieve the issue list. I've added GITHUB_TOOLSETS to the configuration below — specifying it lets you restrict the scope of GitHub features Claude can use, which is especially useful in production.
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_PAT}",
"GITHUB_TOOLSETS": "repos,issues,pull_requests"
}
}
}
}Issuing a GitHub PAT: It is recommended to go to GitHub Settings → Developer settings → Personal access tokens and issue a token with only the necessary permissions selected. The
repo,issues, andpull_requestsscopes cover most tasks.
Once registered, natural language commands like these in the Claude Code chat window translate directly into GitHub API calls.
| Natural Language Command | Actual Action |
|---|---|
| "Show me the list of changed files compared to the main branch" | Fetch diff via GitHub API |
| "Create a draft PR for issue #42" | Call the PR creation API |
| "Show me recently opened issues with the bug label" | Filtered issue query |
| "Add a review comment to this PR" | Call Pull Request Review API |
This is a situation I frequently encounter in production — given an issue number, it finds the related commits and automatically fills in the PR description, which turns out to be quite useful. I also use it often for drafting release notes.
Example 2: Slack — Automatic GitHub Notification Channel Integration
Adding the Slack MCP server enables sending channel messages, listing channels, searching for specific messages, and more.
{
"mcpServers": {
"slack": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-slack"],
"env": {
"SLACK_BOT_TOKEN": "${SLACK_BOT_TOKEN}",
"SLACK_TEAM_ID": "T0XXXXXXX"
}
}
}
}For SLACK_TEAM_ID, just use the part starting with T from https://app.slack.com/client/T0XXXXXXX/... shown in the address bar when you access your workspace on Slack Web. The Bot Token can be issued from the OAuth & Permissions menu after creating an app on the Slack API apps page.
The real value shows when you register both GitHub MCP and Slack MCP together. The first automation our team built after the Slack integration was exactly this pattern — this entire workflow completes within a single Claude Code conversation:
User: "Check the build failure on the feature/login branch
and send a summary message to the #dev-alerts channel"
Claude:
1. [GitHub MCP] Query the recent CI status of that branch
2. [GitHub MCP] Fetch failed steps and error logs
3. [Slack MCP] Send a summary message to the #dev-alerts channelPreviously, implementing this would have required Zapier or a separate script. Now it's done with a single line of natural language. The key is that the two MCPs chain together within the same conversation context.
Example 3: PostgreSQL — Querying the DB with Natural Language
Honestly, this part made me a bit nervous at first. The idea of AI directly firing queries at the DB. One thing worth noting upfront: @modelcontextprotocol/server-postgres can execute write queries by default. To restrict it to read-only, you need to limit the DB account's permissions themselves, not the server configuration. So it's much safer to start by first creating a dedicated read-only account before connecting.
SQL to create a read-only account in PostgreSQL:
CREATE USER mcp_user WITH PASSWORD 'your_password';
GRANT SELECT ON ALL TABLES IN SCHEMA public TO mcp_user;Then manage the connection string for this account as an environment variable.
{
"mcpServers": {
"postgres": {
"command": "npx",
"args": [
"-y",
"@modelcontextprotocol/server-postgres",
"${DATABASE_URL}"
]
}
}
}Set DATABASE_URL in the format postgresql://mcp_user:your_password@localhost:5432/mydb. After registering, you can ask Claude Code things like:
"Aggregate the number of users who signed up in the last 7 days from the users table"
"Explain the schema structure of the orders table"
"Write a query for monthly revenue trends and show me the results"Claude generates the SQL, executes it, and returns the results. Using a read-only account means you don't have to worry about accidentally running a DELETE query, which makes it much more comfortable to use.
Pros and Cons Analysis
Advantages
| Item | Description |
|---|---|
| Standardization | Build a server once and multiple AI clients — Claude Code, Cursor, VS Code Copilot — can share it |
| Development Speed | Connect new tools with just a few lines of JSON, without custom integration code per system |
| Multi-Agent Collaboration | Multiple AI agents can share the same MCP server and collaborate |
| Ecosystem | Over 9,600 servers in the official registry, with major vendor first-party support |
| Vendor Independence | Transfer to Linux Foundation alleviates concerns about vendor lock-in |
Disadvantages and Caveats
| Item | Description |
|---|---|
| Credential Centralization | Multiple service tokens concentrated in one place creates a single point of compromise risk — environment variable separation and secret managers like Vault are recommended |
| Prompt Injection | Maliciously crafted messages can trigger unintended operations on the MCP server — input validation and confirmation steps before sensitive operations are needed |
| OAuth Implementation Flaws | A significant number of public MCP servers contain security vulnerabilities — prefer official servers and conduct code reviews |
| Supply Chain Threats | Risk of tool poisoning from unverified third-party packages — verifying package origin and maintenance history is essential |
| Governance Gaps | Enterprise-grade audit logs and access controls depend on individual implementations rather than the protocol itself |
Minimum Required Controls for Enterprise Adoption
If you're adopting MCP in an enterprise environment, your team needs to handle these six things directly — the protocol doesn't provide them out of the box.
- OAuth 2.0 Authentication — Store credentials outside the AI context to limit the blast radius in case of token leakage.
- RBAC/ABAC Authorization — Granularly control each MCP tool invocation permission by role or attribute, so specific users can only use specific tools.
- Attribution-Level Audit Logs — Tracking "who, when, with what AI command, did what operation" is required for compliance response.
- Path and Scope Restriction — Minimize the API endpoints and data range the MCP server can access.
- Rate Limiting — Mitigate external API billing and DoS risks by preventing abnormal request spikes.
- Sensitivity Label Evaluation — A layer to classify and block query results or message content that may contain confidential data is needed.
The Most Common Mistakes in Production
-
Hardcoding tokens in
.mcp.json— Separate them using environment variable form (${GITHUB_PAT}) and only commit a template without token values to the repository. -
Using third-party MCP servers without verification — After learning about supply chain threat cases, I changed my habit of installing third-party servers right away. Known cases show that unverified MCP packages can exfiltrate sensitive data for a significant period without being detected. Prefer official servers under
@modelcontextprotocol/*or vendor first-party servers likegithub/github-mcp-server, and always inspect the code of third-party servers first. -
Connecting an admin account directly to the DB MCP —
@modelcontextprotocol/server-postgrescan execute write queries. To prevent accidentalDELETEorDROPexecution, the safe starting point is creating a dedicated account with onlyGRANT SELECTgranted, as shown in the example above, and connecting through that.
Closing Thoughts
MCP is the technology that gives AI hands to directly operate external systems. Now that governance has transferred to the Linux Foundation and it has become common infrastructure supported by OpenAI and Google alike, mastering this now means this knowledge stays with you no matter which AI tool you move to. The current moment, as the ecosystem matures rapidly, is also when the barrier to entry is lowest.
Three steps you can take right now:
-
Start by connecting GitHub MCP. Create
.mcp.jsonin your project root and just set theGITHUB_PATenvironment variable. Type "Show me the list of currently open issues" and you can verify it works immediately. Even without GitHub, starting with PostgreSQL alone is more than sufficient. -
Add Slack MCP and chain it with GitHub to see a clearer effect. Watching the two MCPs collaborate within the same conversation context is the fastest way to understand it.
-
When connecting a DB, start by creating a read-only account. Create a dedicated account first with
CREATE USER mcp_userandGRANT SELECT, then manage that connection string as${DATABASE_URL}— and you can use it without worry.
References
- Introducing the Model Context Protocol | Anthropic — Original MCP announcement. You can find the design background and philosophy here.
- Connect Claude Code to tools via MCP | Claude Code Docs — Official documentation for MCP configuration in Claude Code.
- Connect to external tools with MCP | Claude API Docs
- Model Context Protocol — Official Example Servers — List of official MCP servers including Slack and PostgreSQL.
- Model Context Protocol Servers | GitHub
- GitHub MCP Server | github/github-mcp-server — GitHub's official MCP server source code and installation guide.
- GitHub MCP Server Install Guide for Claude
- The 2026 MCP Roadmap | Model Context Protocol Blog — Useful for checking spec changes like Streamable HTTP and future direction.
- MCP Security Best Practices | modelcontextprotocol.io — Official security configuration guide.
- The Security Risks of Model Context Protocol (MCP) | Pillar Security — Analysis of supply chain threats and OAuth flaw cases.
- Model Context Protocol (MCP): Understanding security risks and controls | Red Hat
- MCP Adoption Statistics 2026 | Digital Applied
- Connect Claude Code to GitHub, Slack, and Databases with MCP | Code Velocity Academy