I strongly suspect this is a case of classic personal access tokens being used in an unclean way.
If you are going to be handing tokens to AI agents on weird openclaw contraptions, you should try to use the fine grained variants. My GitHub account spans 3 organizations with wildly differing policies. The fact that classic tokens are even still allowed blows my mind a bit. You should be required to manually opt in each organization at a minimum.
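As an added illustration of the point above about classic tokens (example code written for this thread, not from any of the commenters or from GitHub): GitHub returns the scopes of a classic personal access token in the `X-OAuth-Scopes` response header of any authenticated API call, so a quick audit can show whether a token handed to an agent carries account-wide scopes such as `repo` that reach every organization the account belongs to. The response headers below are constructed, and the set of scopes flagged as broad is an assumption chosen for the example rather than an official list.

```python
"""Audit the scopes of a classic GitHub personal access token from the
X-OAuth-Scopes header GitHub attaches to authenticated API responses.

Everything here runs offline: the headers are a constructed sample standing in
for what `requests.get("https://api.github.com/user", headers=...)` would return.
"""
from typing import Dict, List, Tuple

# Classic-token scopes that are not bounded by repository or organization.
# Assumption: this is the set a reviewer would flag first; it is not exhaustive.
BROAD_SCOPES: Dict[str, str] = {
    "repo": "read/write on every repository the account can reach, in every org",
    "workflow": "modify GitHub Actions workflow files in reachable repositories",
    "admin:org": "manage organization membership, teams and settings",
    "delete_repo": "delete repositories",
    "write:packages": "publish packages under the account",
}

# Constructed sample: the headers a classic token with three scopes would produce.
SAMPLE_HEADERS: Dict[str, str] = {
    "Content-Type": "application/json; charset=utf-8",
    "X-OAuth-Scopes": "repo, workflow, read:org",
    "X-Accepted-OAuth-Scopes": "",
}


def parse_scopes(headers: Dict[str, str]) -> List[str]:
    """Return the token's scopes as a list.

    The header lookup is case-insensitive because HTTP clients normalise header
    names differently. An absent or empty header yields [] (fine-grained tokens
    and scope-less classic tokens both look like that).
    """
    for name, value in headers.items():
        if name.lower() == "x-oauth-scopes":
            return [s.strip() for s in value.split(",") if s.strip()]
    return []


def audit(scopes: List[str]) -> List[Tuple[str, str]]:
    """Return (scope, reason) pairs for every scope that is account-wide."""
    findings = []
    for scope in scopes:
        if scope in BROAD_SCOPES:
            findings.append((scope, BROAD_SCOPES[scope]))
        elif scope.startswith("admin:"):
            # Any other admin:* scope also grants management rights outside a single repo.
            findings.append((scope, "administrative scope not limited to one repository"))
    return findings


def spans_all_orgs(scopes: List[str]) -> bool:
    """True when the token reaches every organization the account belongs to."""
    return any(scope in ("repo", "admin:org", "workflow") for scope in scopes)


if __name__ == "__main__":
    scopes = parse_scopes(SAMPLE_HEADERS)
    print("scopes:", scopes)
    for scope, reason in audit(scopes):
        print(f"  broad scope {scope!r}: {reason}")
    if spans_all_orgs(scopes):
        print("this token is not confined to one organization; prefer a fine-grained token")
```

Fine-grained tokens are bound to a single resource owner (one user or one organization) and to chosen repositories with per-resource permissions, so the same audit on one of them finds no `X-OAuth-Scopes` entries to flag; the permission review then happens at issuance time rather than after the token has been handed out.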
You are correct, but the issue is that permission management with fine-grained tokens is a nightmare. It is not easy to decide what is correct and what is needed for some operation. Furthermore, software devs often think it is important to focus on code rather than permissions, as it is someone else's responsibility....
I use classic tokens on low-privileged accounts for scraping public repos. I suppose organization level permissions would work fine for me.
It feels to me like AI agents should be their own security principals and use access tokens generated specifically for them on the repos or orgs that they need access to. Handing an AI agent an access token "minted" for a human's account feels to me like the new "write the password on a post-it".