Summary
The GitHub MCP Agent crashes with an unhandled NameError in the manual token verification flow when the X-OAuth-Scopes response header is missing. The variable scopes is only conditionally initialized, but is later referenced unconditionally in the check:
if 'repo' not in scopes:
If the header is absent (common with invalid tokens, fine-grained tokens, or some API responses), the handler throws:
NameError: name 'scopes' is not defined
This causes the chat message handler to terminate unexpectedly, resulting in a denial-of-service condition for the affected session.
Steps to reproduce
1. Start the GitHub MCP Agent:
python agent.py
2. Send a message containing an invalid or unsupported GitHub token:
ghp_invalidtokenfortesting
3. The agent attempts token validation and requests:
GET /user
If the response does not contain the X-OAuth-Scopes header, the variable scopes is never initialized.
4. Observe the crash when execution reaches:
if 'repo' not in scopes:
#133
Expected behavior
The agent should gracefully handle missing X-OAuth-Scopes headers by initializing scopes to a safe default value (e.g. empty string or empty list) and returning a clean validation error message instead of crashing.
Actual behavior
The message handler crashes with an unhandled exception:
NameError: name 'scopes' is not defined
This terminates the current request/session flow and prevents graceful error handling.
Affected file or folder path
mcp-agents/Github MCP Agent/agent.py
Logs / traceback
Traceback (most recent call last):
  File "agent.py", line XXX, in handle_chat_message
    if 'repo' not in scopes:
NameError: name 'scopes' is not defined
Environment
OS: macOS / Linux
Python: 3.11
Affected Component: GitHub MCP Agent
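The conditional initialization described in this report, next to a hardened check that always binds scopes and returns a validation message, as an added example that is not the agent's own code. The function names, the messages, the status-code check and the sample responses are assumptions constructed for illustration.

```python
# Added example: all names here are hypothetical, not taken from agent.py.

def check_fragile(status, headers):
    """Pattern from the report: scopes is bound only when the header exists."""
    if "X-OAuth-Scopes" in headers:
        scopes = headers["X-OAuth-Scopes"]
    # Raises NameError (UnboundLocalError inside a function) without the header.
    if "repo" not in scopes:
        return False, "Token lacks 'repo' scope"
    return True, "ok"


def check_hardened(status, headers):
    """Reject non-200 responses, then always bind scopes before testing it."""
    if status != 200:
        return False, f"GitHub rejected the token (HTTP {status})"
    # HTTP header names are case-insensitive; normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-oauth-scopes", "")  # safe default: no scopes
    scopes = {s.strip() for s in raw.split(",") if s.strip()}
    if not scopes:
        return False, "No scopes reported; cannot confirm 'repo' scope"
    if "repo" not in scopes:
        return False, "Token lacks 'repo' scope"
    return True, "ok"


# Constructed sample responses (status, headers); not captured from GitHub.
SAMPLES = {
    "invalid token": (401, {"Content-Type": "application/json"}),
    "no scopes header": (200, {"Content-Type": "application/json"}),
    "other scopes": (200, {"X-OAuth-Scopes": "read:org, gist"}),
    "repo scope": (200, {"X-OAuth-Scopes": "repo, read:org"}),
}


def run_samples():
    """Return {name: (fragile result or crash text, hardened result)}."""
    results = {}
    for name, (status, headers) in SAMPLES.items():
        try:
            fragile = check_fragile(status, headers)
        except NameError as exc:
            fragile = f"crash: {exc}"
        results[name] = (fragile, check_hardened(status, headers))
    return results


if __name__ == "__main__":
    for name, (fragile, hardened) in run_samples().items():
        print(f"{name}: fragile={fragile!r} hardened={hardened!r}")
```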