Analysis updated 2026-06-24
Audit a repository for fake stars and bot-driven engagement
Run a daily scan that auto-files issues on compromised trending repos
Build a longitudinal dataset of coordinated GitHub bot campaigns
Request a one-off lifetime audit of stars and forks on a specific repo
| | tg12/phantomstars | power-codes/scanner-ip-cdns | yihaohu0118/seal |
|---|---|---|---|
| Stars | 38 | 38 | 38 |
| Language | Python | Python | Python |
| Setup difficulty | easy | easy | hard |
| Complexity | 3/5 | 2/5 | 5/5 |
| Audience | ops devops | ops devops | researcher |
Figures from each repo's GitHub metadata at analysis time.
Needs a GitHub token with sufficient API quota for GraphQL profile lookups. Runs as a GitHub Actions cron job with no other infrastructure.
phantomstars is a tool that hunts for fake engagement on GitHub. Specifically, it tracks coordinated bot campaigns that mass-star or mass-fork repositories to make them look more popular and more trustworthy than they really are. The author argues that GitHub stars work as a trust signal for developers picking what code to use, and that bot farms have been corrupting that signal during the 2024 to 2026 AI boom by manufacturing fake credibility for low-quality or malicious repos.

The whole thing runs as a GitHub Actions job on a daily schedule. There are no servers, no databases, and no hosting costs. Each run scrapes the GitHub Trending page, queries the search API for repos created in the last 7 days with sudden star activity, and pulls candidate repos from Reddit posts on r/osinttools and r/coolgithubprojects. It then looks at who recently starred or forked those repos, fetches each engaging account's profile through the GraphQL API, and scores them on signals like account age, profile completeness, repo history, and activity patterns.

The core trick is timestamp clustering with union-find to detect coordinated campaigns, meaning groups of suspicious accounts that all engaged within a roughly 3-hour window. Each campaign gets a deterministic 8-character ID based on the sorted member logins, which lets the same campaign be tracked across days. Results land in an append-only JSONL ledger that gets committed back to the repo, and dashboards summarize the per-repo fakeness ratios.

When a repo's fake-engagement ratio crosses 40 percent or a clear campaign is found, phantomstars files an issue directly on the targeted repo so the maintainer can see the evidence. There is an allowlist for false positives that anyone can request through an issue template. The license is Apache 2.0, the language is Python 3.13, and the project is part of JS Labs's AI Slop Intelligence work.
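The timestamp clustering and deterministic campaign ID described above can be sketched as follows. This is an added example, not phantomstars's own code: the function names, the SHA-256 truncation used for the ID, the lowercasing of logins and the minimum cluster size are assumptions, and the events are constructed sample data.

```python
import hashlib
from datetime import datetime, timedelta

WINDOW = timedelta(hours=3)  # the page's "roughly 3-hour window"
MIN_MEMBERS = 3              # assumption: smallest cluster reported as a campaign

def find(parent, x):
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path halving keeps trees shallow
        x = parent[x]
    return x

def campaign_id(logins):
    # Assumption: SHA-256 over the sorted, lowercased logins, truncated to 8 hex chars.
    joined = "\n".join(sorted(l.lower() for l in logins))
    return hashlib.sha256(joined.encode()).hexdigest()[:8]

def find_campaigns(events, window=WINDOW, min_members=MIN_MEMBERS):
    """events: (login, datetime) pairs for accounts already scored as suspicious."""
    ordered = sorted(events, key=lambda e: e[1])
    parent = {login: login for login, _ in ordered}
    # In time order, joining neighbours whose gap fits the window yields the same
    # components as joining every pair within the window. Clusters chain, so a
    # long steady trickle can exceed the window end to end.
    for (a, ta), (b, tb) in zip(ordered, ordered[1:]):
        if tb - ta <= window:
            parent[find(parent, b)] = find(parent, a)
    groups = {}
    for login in parent:
        groups.setdefault(find(parent, login), set()).add(login)
    return {campaign_id(g): sorted(g) for g in groups.values() if len(g) >= min_members}

# Constructed sample: four accounts engage within ~2 hours, two others are isolated.
DAY = datetime(2026, 1, 10)
SAMPLE_EVENTS = [
    ("bot-a", DAY + timedelta(hours=2)),
    ("bot-b", DAY + timedelta(hours=2, minutes=40)),
    ("bot-c", DAY + timedelta(hours=3, minutes=30)),
    ("bot-d", DAY + timedelta(hours=4, minutes=10)),
    ("lone-x", DAY + timedelta(hours=12)),
    ("lone-y", DAY + timedelta(hours=20)),
]

if __name__ == "__main__":
    for cid, members in find_campaigns(SAMPLE_EVENTS).items():
        print(cid, members)
```

Because the ID depends only on the member set, a campaign that gains or loses a single account on a later day gets a different ID under this scheme.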
Daily GitHub Actions job that detects coordinated bot campaigns mass-starring or mass-forking GitHub repos, scores suspect accounts, and files issues on targeted repositories.
Mainly Python. The stack also includes GitHub Actions and GraphQL.
Apache 2.0 lets you use, modify, and distribute commercially with attribution and a patent grant.
Setup difficulty is rated easy, with roughly 30 minutes to a first successful run.
Mainly ops devops.
Verify against the repo before relying on details.