Stow.Using Claude with GitHub: AI-Powered PRs Without the Risk
AI AgentsApril 19, 20265 min read

Using Claude with GitHub: AI-Powered PRs Without the Risk

Letting Claude read your repos and draft pull requests is genuinely useful. Letting it merge those PRs, trigger workflows, or delete repositories without review is not. Here's the right setup.

Claude

Claude with GitHub access can read your codebase, write issues, draft pull requests, and even trigger workflows. That's genuinely powerful. But a GitHub Personal Access Token with broad scopes gives Claude the same level of access as your own account — including the ability to delete repositories, merge PRs without review, and modify production workflows.

The integration itself isn't the risk. Unscoped access is. This guide walks you through connecting Claude to GitHub through Stow, so you get AI-powered development tooling with precise, auditable permission boundaries.

What the Setup Should Look Like

Every Claude request to your GitHub account passes through a policy layer before execution:

ClaudeStowGitHub

Without this layer, Claude operates with the same authority as your PAT — which on most developer machines is fairly broad.

Why GitHub Access Needs Explicit Scoping

GitHub permissions have significant differences in blast radius. The gap between "read repositories" and "delete repositories" is enormous — and both can be granted with a single PAT:

AI can merge PRs without human code review
Workflow triggers can kick off production pipelines
Repository deletion is immediate and hard to reverse
Webhook creation exposes your repos to external systems

Step 1: Connect GitHub in Stow

Start inside your Stow dashboard:

  • Navigate to Connected Services
  • Click Add New Service
  • Select GitHub from the directory
  • Generate a Personal Access Token in your GitHub settings with the minimum required scopes, then paste it into Stow
  • Click Save to complete the connection

Once connected, Stow holds your token. Claude never interacts with GitHub directly — every request is proxied and evaluated against your permission policy first.

Step 2: Configure GitHub Permissions

GitHub has the widest range of operations of any integration in Stow. Work through each category deliberately — especially the ones that affect your main branch or production environments.

Recommended Starting Configuration

Read repositoriesAllowed
Read & write file contentsApproval Required
Create repositoriesOff
Delete repositoriesOff
Read issuesAllowed
Create & update issuesAllowed
Read pull requestsAllowed
Create pull requestsAllowed
Submit PR reviewsApproval Required
Merge pull requestsOff
Read & trigger workflowsApproval Required
Cancel workflow runsOff
Manage webhooksOff

Merge Pull Requests stays off. This is a firm recommendation regardless of how much you trust Claude's judgment. Code review is a human responsibility. Claude drafting the PR is helpful; Claude merging it is a risk you don't need to take.

Step 3: Connect Claude to Stow

Wire Claude Desktop into the Stow MCP layer:

  • Open Claude Desktop and click Customize in the sidebar
  • Go to Connectors → Add Custom Connector
  • Name it (e.g., "Stow") and paste the connector URL: https://mcp.stowprotect.com
  • Click Add, then Connect — Claude initiates the OAuth flow automatically

Step 4: Start Using GitHub in Claude

With the integration live, you can use prompts like:

"Read the open issues in this repo and summarize the most critical ones"
"Draft a PR description for the changes in this branch"
"Create an issue for this bug with steps to reproduce"
"What workflows are configured in this repo?"

When Claude attempts to trigger a workflow or submit a PR review, Stow pauses the request in your approval queue. You see what Claude intends to do before it happens — and approve or deny from the dashboard.

The Three Tiers of GitHub Risk

Read Operations

Reading repos, issues, PRs, workflow runs, file contents. No changes. Safe to allow broadly.

Write Operations

Creating issues, drafting PRs, writing file contents, triggering workflows. Useful — worth requiring approval.

Destructive Operations

Merging PRs, deleting repos, managing webhooks, canceling production runs. Keep these off.

What Gets Logged

Every GitHub action Claude attempts is recorded — which repo, which operation, what the result was.

Action Taken
Timestamp
Status
Risk Score

No Code Is Ever Stored

Stow's Zero-Retention policy applies to all GitHub data:

  • Repository contents and file data are stripped before the database
  • GitHub API responses are sanitized to metadata only
  • Personal Access Tokens are masked and never persisted in plain text

AI That Helps Without Taking the Wheel

The most useful GitHub automations — issue triage, PR drafting, codebase Q&A, workflow status checks — all fit comfortably within safe permission boundaries. You don't need to give Claude merge authority to get the productivity gains. With Stow, Claude gets a precise GitHub role with a clear ceiling. What it can do is useful. What it can't do is protected.

Connect GitHub the Right Way

AI-powered repo access with full audit trails and no merge authority. Set it up in minutes.

S

Stow Security Team

April 19, 2026