Through the MCP integration in GitHub Copilot, your AI agent is no longer limited to interactions with your IDE but can interact with your local computer and the outside world. A problem is that this open up a new range of possible attack vectors and malicious actors. So be careful when downloading a random MCP server example from the Internet.
GitHub Copilot Agents helps you by asking by default permission to execute a task:
Only by clicking on Continue the MCP server instance is called, and the tool is executed.
Of course, it can become annoying to confirm this over and over again. Therefore, you can choose between multiple options:
- Allow in this Session
- Allow in this Workspace
- Always allow
This gives you full control to balance between security and convenience.
If you really want to just auto-approve everything (not recommended) set this in your settings:
chat.tools.autoApprove: true
Happy (vibe) coding!
More information
Use MCP servers in VS Code (Preview)
Extending Copilot Chat with the Model Context Protocol (MCP) - GitHub Docs