Improve documentation

Author: JarLob

.github/workflows/sample.yml

@@ -20,7 +20,7 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: GitHubSecurityLab/pwn-request-scanner@9791f6e2ab36a9ca92342d4b2adc749e870133b9
+    - uses: GitHubSecurityLab/pwn-request-scanner@9791f6e2ab36a9ca92342d4b2adc749e870133b9 # v1
       with:
         owner: ${{ inputs.owner }}
         repo: ${{ inputs.repo }}

README.md

@@ -11,4 +11,4 @@ The `pwn request scanner` is a simple tool that doesn't go into depths of analyz
 You can run the scanner as:
 
 * GitHub Action in your repository. Just copy the [sample workflow](.github/workflows/sample.yml).  
-* Locally running the [index.js](dist/index.js) script from the dist folder.  
+* Locally running the [index.js](dist/index.js) script from the dist folder. Set environment variable `GITHUB_TOKEN` to your Personal Access Token (PAT).  

dist/index.js

@@ -122,6 +122,10 @@ if (process.env.GITHUB_ACTIONS) {
     if (process.argv.length < 4) {
         printUsageAndExit();
     }
+    if (process.env.GITHUB_TOKEN === undefined) {
+        console.log('Error: GITHUB_TOKEN environment variable is not set.');
+        process.exit(1);
+    }
     verbose = process.argv.length > 4 && process.argv[4] === '--verbose' ? true : false;
     run(process.argv[2], process.argv[3], process.env.GITHUB_TOKEN).catch(error => {
         console.log(`Error: ${error}`);