diff --git a/actions/setup/js/check_membership.cjs b/actions/setup/js/check_membership.cjs
index 49103a93e6b..85427cf7082 100644
--- a/actions/setup/js/check_membership.cjs
+++ b/actions/setup/js/check_membership.cjs
@@ -41,7 +41,7 @@ async function main() {
 return;
 }
- if (!requiredPermissions || requiredPermissions.length === 0) {
+ if (requiredPermissions.length === 0) {
 core.warning("❌ Configuration error: Required permissions not specified. Contact repository administrator.");
 core.setOutput("is_team_member", "false");
 core.setOutput("result", "config_error");
@@ -60,7 +60,7 @@ async function main() {
 // User doesn't have required permissions (or the permission check failed with an error).
 // Always attempt the bot allowlist fallback before giving up, so that GitHub Apps whose
 // actor is not a recognized GitHub user (e.g. "Copilot") are not silently denied.
- if (allowedBots && allowedBots.length > 0) {
+ if (allowedBots.length > 0) {
 core.info(`Checking if actor '${actor}' is in allowed bots list: ${allowedBots.join(", ")}`);
 if (isAllowedBot(actor, allowedBots)) {
diff --git a/actions/setup/js/check_membership.test.cjs b/actions/setup/js/check_membership.test.cjs
index 9cd490489f5..adb04b06098 100644
--- a/actions/setup/js/check_membership.test.cjs
+++ b/actions/setup/js/check_membership.test.cjs
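Review bot: In check_membership.cjs, `requiredPermissions.length === 0` now assumes `requiredPermissions` is always an array, and the second hunk makes the same assumption with `allowedBots.length > 0`. The code that produces both values is outside these hunks, so if either can be `undefined` or `null`, this authorization step throws before `core.setOutput` runs instead of reporting `config_error` or falling through to `insufficient_permissions`. Stating the invariant where the guard was removed would help, e.g. `// requiredPermissions is always an array here (empty when unset)`. The new tests cover only the unset and empty `GH_AW_ALLOWED_BOTS` cases, so an equivalent test for the required-permissions input being unset would pin the config-error path. main() begins and ends outside both hunks.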
@@ -441,5 +441,35 @@ describe("check_membership.cjs", () => {
 expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "true");
 expect(mockCore.setOutput).toHaveBeenCalledWith("result", "authorized_bot");
 });
+
+ it("should skip bot check when GH_AW_ALLOWED_BOTS is empty string", async () => {
+ process.env.GH_AW_ALLOWED_BOTS = "";
+
+ mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValueOnce({
+ data: { permission: "none" },
+ });
+
+ await runScript();
+
+ // Only 1 API call (the permission check) — no bot status check
+ expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledTimes(1);
+ expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "false");
+ expect(mockCore.setOutput).toHaveBeenCalledWith("result", "insufficient_permissions");
+ });
+
+ it("should skip bot check when GH_AW_ALLOWED_BOTS is not set", async () => {
+ delete process.env.GH_AW_ALLOWED_BOTS;
+
+ mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValueOnce({
+ data: { permission: "none" },
+ });
+
+ await runScript();
+
+ // Only 1 API call (the permission check) — no bot status check
+ expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledTimes(1);
+ expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "false");
+ expect(mockCore.setOutput).toHaveBeenCalledWith("result", "insufficient_permissions");
+ });
 });
 });
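Review bot: Both new tests infer that the bot fallback was skipped from `getCollaboratorPermissionLevel` being called once, which only holds if the bot status check goes through that same mocked method; that code is not visible in this hunk. A direct assertion on the skipped branch would be less brittle, for example `expect(mockCore.info).not.toHaveBeenCalledWith(expect.stringContaining("allowed bots list"));`, assuming `mockCore.info` is a mock like `mockCore.setOutput`. The two cases differ only in how `GH_AW_ALLOWED_BOTS` is prepared, so they could share one parameterised body. The enclosing `describe` blocks start outside the hunk.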