Using Claude with GitHub: AI-Powered PRs Without the Risk
Letting Claude read your repos and draft pull requests is genuinely useful. Letting it merge those PRs, trigger workflows, or delete repositories without review is not. Here's the right setup.
Claude with GitHub access can read your codebase, write issues, draft pull requests, and even trigger workflows. That's genuinely powerful. But a GitHub Personal Access Token with broad scopes gives Claude the same level of access as your own account — including the ability to delete repositories, merge PRs without review, and modify production workflows.
The integration itself isn't the risk. Unscoped access is. This guide walks you through connecting Claude to GitHub through Stow, so you get AI-powered development tooling with precise, auditable permission boundaries.
What the Setup Should Look Like
Every Claude request to your GitHub account passes through a policy layer before execution:
Without this layer, Claude operates with the same authority as your PAT — which on most developer machines is fairly broad.
Why GitHub Access Needs Explicit Scoping
GitHub permissions have significant differences in blast radius. The gap between "read repositories" and "delete repositories" is enormous — and both can be granted with a single PAT:
Step 1: Connect GitHub in Stow
Start inside your Stow dashboard:
- Navigate to Connected Services
- Click Add New Service
- Select GitHub from the directory
- Generate a Personal Access Token in your GitHub settings with the minimum required scopes, then paste it into Stow
- Click Save to complete the connection
Once connected, Stow holds your token. Claude never interacts with GitHub directly — every request is proxied and evaluated against your permission policy first.
Step 2: Configure GitHub Permissions
GitHub has the widest range of operations of any integration in Stow. Work through each category deliberately — especially the ones that affect your main branch or production environments.
Recommended Starting Configuration
Merge Pull Requests stays off. This is a firm recommendation regardless of how much you trust Claude's judgment. Code review is a human responsibility. Claude drafting the PR is helpful; Claude merging it is a risk you don't need to take.
Step 3: Connect Claude to Stow
Wire Claude Desktop into the Stow MCP layer:
- Open Claude Desktop and click Customize in the sidebar
- Go to Connectors → Add Custom Connector
- Name it (e.g., "Stow") and paste the connector URL:
https://mcp.stowprotect.com - Click Add, then Connect — Claude initiates the OAuth flow automatically
Step 4: Start Using GitHub in Claude
With the integration live, you can use prompts like:
When Claude attempts to trigger a workflow or submit a PR review, Stow pauses the request in your approval queue. You see what Claude intends to do before it happens — and approve or deny from the dashboard.
The Three Tiers of GitHub Risk
Read Operations
Reading repos, issues, PRs, workflow runs, file contents. No changes. Safe to allow broadly.
Write Operations
Creating issues, drafting PRs, writing file contents, triggering workflows. Useful — worth requiring approval.
Destructive Operations
Merging PRs, deleting repos, managing webhooks, canceling production runs. Keep these off.
What Gets Logged
Every GitHub action Claude attempts is recorded — which repo, which operation, what the result was.
No Code Is Ever Stored
Stow's Zero-Retention policy applies to all GitHub data:
- Repository contents and file data are stripped before the database
- GitHub API responses are sanitized to metadata only
- Personal Access Tokens are masked and never persisted in plain text
AI That Helps Without Taking the Wheel
The most useful GitHub automations — issue triage, PR drafting, codebase Q&A, workflow status checks — all fit comfortably within safe permission boundaries. You don't need to give Claude merge authority to get the productivity gains. With Stow, Claude gets a precise GitHub role with a clear ceiling. What it can do is useful. What it can't do is protected.
Stow Security Team
April 19, 2026