packages/kilo-docs/pages/kiloclaw/development-tools/github.md
Connect a GitHub account to your KiloClaw agent so it can clone repositories, push commits, open pull requests, and leave code reviews — all autonomously.
{% callout type="warning" title="Security" %} Create a dedicated GitHub account for your bot rather than using your personal account. This limits the blast radius if credentials are compromised, provides clear audit trails of agent activity, and lets you scope permissions to only what the agent needs. {% /callout %}
If you don't already have a dedicated GitHub account for your bot, create one first:
Once you have a GitHub account ready, continue to Step 2.
KiloClaw uses a fine grained Personal Access Token to authenticate as your bot. When creating the token, use these settings:
| Setting | Recommended Value |
|---|---|
| Token name | kiloclaw-bot (or any descriptive name) |
| Expiration | 90 days (set a reminder to rotate) |
| Repository access | All repositories, or select specific ones |
Grant the following permissions:
| Permission | Access Level | Purpose |
|---|---|---|
| Contents | Read & Write | Clone repos, push commits |
| Pull requests | Read & Write | Open and manage pull requests |
| Issues | Read & Write | Create and comment on issues |
| Metadata | Read only | List repositories and basic repo info |
| Workflows | Read & Write | Trigger and manage GitHub Actions workflows |
KiloClaw accepts both GitHub token formats:
ghp_ (e.g., ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)github_pat_ (e.g., github_pat_xxxxxxxxxxxxxxxxxxxxxx)Fine grained tokens are recommended as they provide more granular permission control.
When your instance starts, KiloClaw automatically:
gh) with your tokengit with the bot's username and email for commitsgh and git commands available to the agentThe agent can then use standard Git and GitHub CLI commands to interact with your repositories.