Maintainer Radar is designed to make pull request queues easier to scan without giving another service control of the repository.
For live GitHub scans, Maintainer Radar reads pull request metadata through the GitHub CLI or the GitHub Actions token:
It does not read repository secrets. It does not clone private source code unless your own workflow checks out the repository for another step.
The CLI writes output to your terminal or to the file path you choose. The GitHub Action writes a report artifact and, by default, a compact run summary.
Maintainer Radar does not send queue data to a hosted service, analytics endpoint, webhook, model provider, or external database.
Use the smallest permissions needed for a queue report:
permissions:
contents: read
pull-requests: read
The Action uses the workflow token you pass as GH_TOKEN. It does not need a
personal access token for normal repository scans.
env:
GH_TOKEN: ${{ github.token }}
The browser preview reads public repository pull request data from GitHub’s public API. It does not ask for a token, and it does not post comments or write to the repository.
Because the browser preview is unauthenticated, it can hit public API rate limits. The GitHub Action and CLI are better for regular maintainer workflows.
Maintainer Radar does not:
Draft follow-up comments are written into reports so a maintainer can copy, edit, and decide what to post.
For private repositories, keep the report artifact inside the repository’s own GitHub Actions run unless your team has a separate sharing policy. If a workflow uploads the report elsewhere, that is behavior added by the workflow, not by Maintainer Radar.