Minimal token permissions necessary?

[thvasilo]

When setting up a personal token for Github access there's a large set of permissions that we could set.

For this script to work, which are the minimal (strictly necessary) permissions we need to provide to the access token?

Is there a difference if a repo is personal or part of an organization?

[tangentsoft]

Even security questions aside, it isn't obvious what permissions are actually even necessary. I tried giving my access token "repo:status" scope, which seemed plausible, but it just complained "Bad credentials". Then I gave it all of "repo", and it still complained.

What does this thing want?