explaingit

tg12/phantomstars

Analysis updated 2026-06-24

Stars · 38 | Language · Python | Audience · ops devops | Complexity · 3/5 | License · Apache 2.0 | Setup · easy

TLDR

Daily GitHub Actions job that detects coordinated bot campaigns mass-starring or mass-forking GitHub repos, scores suspect accounts, and files issues on targeted repositories.

Mindmap

mindmap
  root((phantomstars))
    Inputs
      GitHub Trending
      Search API recent repos
      Reddit candidate repos
      Events API engagements
    Outputs
      JSONL suspect ledger
      Per repo dashboards
      Issues on targeted repos
    Use Cases
      Detect star bot farms
      Notify maintainers
      Track campaigns over time
    Tech Stack
      Python 3.13
      GitHub Actions
      GraphQL API
      Union find

What do people build with it?

USE CASE 1

Audit a repository for fake stars and bot-driven engagement

USE CASE 2

Run a daily scan that auto-files issues on compromised trending repos

USE CASE 3

Build a longitudinal dataset of coordinated GitHub bot campaigns

USE CASE 4

Request a one-off lifetime audit of stars and forks on a specific repo

What is it built with?

Python · GitHub Actions · GraphQL · JSONL

How does it compare?

tg12/phantomstarspower-codes/scanner-ip-cdnsyihaohu0118/seal
Stars · 38 · 38 · 38
Language · Python · Python · Python
Setup difficulty · easy · easy · hard
Complexity · 3/5 · 2/5 · 5/5
Audience · ops devops · ops devops · researcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 30min

Needs a GitHub token with sufficient API quota for GraphQL profile lookups. Runs as a GitHub Actions cron job with no other infrastructure.

Apache 2.0 lets you use, modify, and distribute commercially with attribution and a patent grant.

In plain English

phantomstars is a tool that hunts for fake engagement on GitHub. Specifically, it tracks coordinated bot campaigns that mass-star or mass-fork repositories to make them look more popular and more trustworthy than they really are. The author argues that GitHub stars work as a trust signal for developers picking what code to use, and that bot farms have been corrupting that signal during the 2024 to 2026 AI boom by manufacturing fake credibility for low-quality or malicious repos.

The whole thing runs as a GitHub Actions job on a daily schedule. There are no servers, no databases, and no hosting costs. Each run scrapes the GitHub Trending page, queries the search API for repos created in the last 7 days with sudden star activity, and pulls candidate repos from Reddit posts on r/osinttools and r/coolgithubprojects. It then looks at who recently starred or forked those repos, fetches each engaging account's profile through the GraphQL API, and scores them on signals like account age, profile completeness, repo history, and activity patterns.

The core trick is timestamp clustering with union-find to detect coordinated campaigns, meaning groups of suspicious accounts that all engaged within a roughly 3-hour window. Each campaign gets a deterministic 8-character ID based on the sorted member logins, which lets the same campaign be tracked across days.

Results land in an append-only JSONL ledger that gets committed back to the repo, and dashboards summarize the per-repo fakeness ratios. When a repo's fake-engagement ratio crosses 40 percent or a clear campaign is found, phantomstars files an issue directly on the targeted repo so the maintainer can see the evidence. There is an allowlist for false positives that anyone can request through an issue template. The license is Apache 2.0, the language is Python 3.13, and the project is part of JS Labs's AI Slop Intelligence work.
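The clustering and campaign-ID steps described above, sketched as an added example; this is not phantomstars' own code. The SHA-256 hash, the 0.75 score cut-off, the minimum campaign size of 3, and the sample events are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=3)  # page: "roughly 3-hour window"
MIN_SCORE = 0.75             # assumed cut-off for treating an account as suspect
MIN_MEMBERS = 3              # assumed minimum size of a reportable campaign

class UnionFind:
    def __init__(self):
        self.parent = {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            # path halving: point x at its grandparent, then step up to it
            self.parent[x] = x = self.parent[self.parent[x]]
        return x
    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def campaign_id(logins):
    # 8-char ID from the sorted member logins; the hash choice is an assumption
    joined = "\n".join(sorted(set(logins)))
    return hashlib.sha256(joined.encode()).hexdigest()[:8]

def find_campaigns(events):  # events: (repo, login, iso_timestamp, score)
    by_repo = defaultdict(list)
    for repo, login, ts, score in events:
        if score >= MIN_SCORE:
            by_repo[repo].append((datetime.fromisoformat(ts), login))
    uf = UnionFind()
    for rows in by_repo.values():
        rows.sort()
        for (t1, a), (t2, b) in zip(rows, rows[1:]):
            if t2 - t1 <= WINDOW:  # neighbours in time on one repo: same cluster
                uf.union(a, b)
    groups = defaultdict(set)
    for login in uf.parent:
        groups[uf.find(login)].add(login)
    return {campaign_id(m): sorted(m) for m in groups.values() if len(m) >= MIN_MEMBERS}

SAMPLE = [  # constructed events, not real accounts or repositories
    ("example/tool", "bot-a", "2026-01-05T01:00:00", 0.91),
    ("example/tool", "bot-b", "2026-01-05T01:40:00", 0.88),
    ("example/tool", "bot-c", "2026-01-05T03:10:00", 0.80),
    ("example/tool", "dev-x", "2026-01-05T02:00:00", 0.10),  # low score: ignored
    ("example/tool", "bot-e", "2026-01-05T14:00:00", 0.95),  # outside the window
    ("example/lib", "bot-c", "2026-01-06T09:00:00", 0.80),   # links the two repos
    ("example/lib", "bot-d", "2026-01-06T09:30:00", 0.79),
]
if __name__ == "__main__": print(find_campaigns(SAMPLE))
```

Because accounts rather than events are the union-find nodes, an account seen in bursts on two repos merges both bursts into one campaign, and the ID stays the same on any later day that produces the same member set.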

Copy-paste prompts

Prompt 1
Walk me through the phantomstars scoring heuristics and show which signals contribute most to a suspect score above 0.75.
Prompt 2
Show me how to fork phantomstars and add a new discovery source like Hacker News links instead of Reddit.
Prompt 3
Explain the timestamp clustering and union-find code that groups accounts into a single campaign ID.
Prompt 4
Help me wire phantomstars into my own GitHub Actions workflow so it scans only my org's repos daily.
Prompt 5
Generate a script that reads data/suspects.jsonl and produces a CSV of the top 20 worst-offending bot accounts.

Frequently asked questions

What is phantomstars?

Daily GitHub Actions job that detects coordinated bot campaigns mass-starring or mass-forking GitHub repos, scores suspect accounts, and files issues on targeted repositories.

What language is phantomstars written in?

Mainly Python. The stack also includes GitHub Actions and GraphQL.

What license does phantomstars use?

Apache 2.0 lets you use, modify, and distribute commercially with attribution and a patent grant.

How hard is phantomstars to set up?

Setup difficulty is rated easy, with roughly 30min to a first successful run.

Who is phantomstars for?

Mainly ops devops.

Verify against the repo before relying on details.