diff --git a/.gitea/scripts/review-check.sh b/.gitea/scripts/review-check.sh
index 5bc004482..f8f37bc8c 100755
--- a/.gitea/scripts/review-check.sh
+++ b/.gitea/scripts/review-check.sh
@@ -227,11 +227,11 @@ for U in $CANDIDATES; do
 ;;
 403)
 # Token owner is not in the team being probed; the API refuses to
-# confirm membership. This is the RFC#324 follow-up token-scope gap.
-# Fail closed — never grant approval on a 403; surface clearly.
-echo "::error::team-probe for ${U} in ${TEAM} returned 403 (token owner not in ${TEAM} team — RFC#324 token-scope follow-up). Cannot confirm membership; failing closed."
+# confirm membership. Skip this candidate and keep checking the rest —
+# if no candidates pass the membership check the loop exits below.
+echo "::warning::team-probe for ${U} in ${TEAM} returned 403 (token owner not in ${TEAM} team — RFC#324 token-scope follow-up). Skipping candidate; will keep checking."
 cat "$TEAM_PROBE_TMP" >&2
-exit 1
+continue
 ;;
 404)
 debug "${U} not a member of ${TEAM}"
@@ -243,5 +243,5 @@ for U in $CANDIDATES; do
 esac
 done
-echo "::error::${TEAM}-review awaiting non-author APPROVE from ${TEAM} team (candidates: $(echo "$CANDIDATES" | tr '\n' ',' | sed 's/,$//') — none are in team)"
+echo "::error::${TEAM}-review no valid team-member approval found; check that reviewer is in ${TEAM} team or token owner is a ${TEAM} team member (candidates: $(echo "$CANDIDATES" | tr '\n' ',' | sed 's/,$//'))"
 exit 1
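Review bot: Replacing `exit 1` with `continue` in the 403 arm discards the one signal that separates a token-scope problem from a genuinely missing approval, which is why the final `::error::` after `done` in the second hunk has to hedge between "reviewer is not in team" and "token owner is not in team". Record the condition before continuing, `PROBE_403=1`, and branch on it after the loop, e.g. `if [ -n "${PROBE_403:-}" ]; then echo "::error::${TEAM}-review: token owner is not in ${TEAM}; membership could not be confirmed (RFC#324 token-scope follow-up)"; fi`, so the operator sees which of the two fixes applies. The arm still never treats a 403 as membership, and the removed "Fail closed" comment was the only place that invariant was written down; the new comment should keep it, e.g. `# A 403 never counts as membership; the candidate is only skipped.`. The enclosing `for`/`case` begins outside the first hunk.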