The app technically does not require “write“ permissions but unfortunately the GitHub API does not provide a read-only OAuth scope for public and/or private repos which is what our app needs and we are forced to use the “repo“ scope. Including GitHub documentation on Scopes for OAuth Apps as reference.