Hello @ryao ,
We discussed this topic more closely internally. The permission to act on your behalf is not something that we can control and is added by GitHub by default, and, looking at their documentation on this, it can only do that for resources both the app and the GitHub user have access to.
As far as I know, we are not using this functionality. Everything we do on the GitHub platform is identified as coming from SonarCloud (e.g. adding a summary comment on a pull request).
Best,
Martin