diff --git a/bin/check-github-token-privileges.sh b/bin/check-github-token-privileges.sh
index f146be134..1e991cfb6 100755
--- a/bin/check-github-token-privileges.sh
+++ b/bin/check-github-token-privileges.sh
@@ -5,9 +5,23 @@
 # it can be programmatically or manually double checked whether it only had the
 # intended privileges. For example: no write privileges, and read:package only.
 
-token=$1
-if [ -z $token ]; then
-    echo "Missing argument: GitHub token to inspect."
-else
-    curl -sS -f -I -H "Authorization: token $token" https://api.github.com | grep -i x-oauth-scopes
+token="$1"
+if [ -z "$token" ]; then
+    echo "Missing argument: GitHub token to inspect, e.g. '$0 \$GITHUB_TOKEN'"
+    exit 1
 fi
+
+output=$(curl -sS -f -I -H "Authorization: token $token" https://api.github.com)
+if [ $? != 0 ]; then
+  echo "ERROR: curl failed to resolve token privileges for the given token. Is it valid?"
+  exit 1
+fi
+
+oauth_scopes=$(echo "$output" | grep -i x-oauth-scopes | grep -v ^access-control-expose-headers)
+if [ -z "$oauth_scopes" ]; then
+  echo "ERROR: Failed to resolve token privileges from curl response."
+  exit 1
+fi
+
+echo "$oauth_scopes"
+