I looked for an explanation of what the tool does on my behalf on your site but didn't see anything.

I guess I expected on the homepage or maybe "About" but I was looking for something related to whether you open PRs on my behalf given that OAuth prompt.

I think adding that or some explanation during onboarding about the permissions might help.

That's good to know, but I would still suggest an on-ramp that only uses GitHub for authentication (i.e. no permissions needed). To that end, it would be nice if I could also authenticate with other OAuth providers instead, like Google, etc.

Again, I understand that this would limit me to scanning public repos, but that would be fine.