Skip to main content

Transparent, dependency-free GitHub fake-star detector — LOW/MEDIUM/HIGH with per-rule evidence.

Project description

fake-star-audit

A transparent, dependency-free GitHub fake-star checker. One Python file, no token, no install — point it at a repo and get a LOW / MEDIUM / HIGH risk verdict with every rule explained.

$ python3 audit.py --repo someowner/somerepo
🔴  someowner/somerepo  —  risk: HIGH
    422★ / 0 forks / age 66.9h
    windows: earliest=100, latest=22
    axes: page1_sliding_window, sequential_id_cluster, same_second_cluster
      [FLAG] page1_sliding_window     earliest: BURST: 100 stars in 0.55h (~183 stars/h)
      [FLAG] sequential_id_cluster    earliest: 4+ time-consecutive stargazers within id range <200k
      [FLAG] same_second_cluster      earliest: max 4 stars within a 30s window

Why

GitHub stars are used as a proxy for trust — by investors doing due-diligence, by engineers picking dependencies, by recruiters reading résumés. But there is a paid market for fake stars: bot accounts and "star farms" inflate a repo to look popular. (See the CMU study estimating millions of suspected fake stars.)

fake-star-audit gives you a fast, explainable gut-check: is this repo's star count believable?

What makes it different

There are already excellent fake-star tools — see How it compares. This one is deliberately the smallest, most portable option:

  • Zero dependencies. Pure Python standard library. No pip install.
  • No token, no account. Uses the anonymous GitHub API. It never reads your GITHUB_TOKEN or any environment variable, and never writes files.
  • One file. Copy audit.py anywhere and run it.
  • AI-native. Ships as a Claude Code skill — ask "is this repo fake-starred?" in natural language and get a structured report.
  • Transparent. No machine-learning black box. Every flag is a named rule with its evidence printed.

It is not trying to replace at-scale academic crawlers or full due-diligence suites. It's the dependency-free, AI-friendly first look.

Quick start

CLI

# no install needed — just the one file
python3 audit.py --repo facebook/react
python3 audit.py --repo facebook/react --json   # machine-readable

Or install from PyPI (pip install fake-star-audit) and run the fake-star-audit-cli command. Note: the bare fake-star-audit command is the MCP server (see below), not the CLI.

Claude Code skill

Drop the skill/ folder into ~/.claude/skills/ (see skill/SKILL.md), then in Claude Code:

You: is github.com/someowner/somerepo fake-starred? Claude: HIGH risk — 100 stars landed in the first 33 minutes after the repo was created, with near-sequential account IDs. That's a bootstrap injection pattern, not organic growth.

MCP server (Claude Desktop, Cursor, …) — optional

An optional MCP wrapper exposes the audit as the audit_repo tool. It runs over stdio — your MCP client launches it as a local subprocess; it opens no network server and reads no environment variables.

Easiest — via the package (uvx). Published on PyPI as fake-star-audit and in the MCP Registry as io.github.Armada735/fake-star-audit. Register it with your client, e.g. Claude Desktop's claude_desktop_config.json:

{
  "mcpServers": {
    "fake-star-audit": {
      "command": "uvx",
      "args": ["fake-star-audit"]
    }
  }
}

From a local checkout. Requires Python 3.10+ and the mcp package (the core audit.py itself needs neither):

pip install -r requirements.txt   # installs `mcp`
{
  "mcpServers": {
    "fake-star-audit": {
      "command": "python3",
      "args": ["/absolute/path/to/fake-star-audit/mcp_server.py"]
    }
  }
}

Now ask your assistant "audit the stars on owner/repo" and it will call the audit_repo tool.

How it works

The tool inspects two windows of stargazers, because injection shows up in different places:

  • earliest (oldest up to 100): catches bootstrap injection — a dump of stars right after the repo is created.
  • latest (most-recent 30): catches retrospective injection or ongoing bot drip.

An axis is flagged if it trips in either window.

The 5 axes

axis what it catches
page1_sliding_window a burst — 50+ stars in under 2 hours (organic launches ramp slower)
suffix_farm stargazer logins sharing a farm suffix (-bot, -oss, …) or a trailing-token cluster
sequential_id_cluster 4+ time-consecutive stargazers whose account IDs are nearly sequential (mass-created together)
same_second_cluster 4+ stars inside a 30-second window
interstar_gap_regularity machine-regular gaps between stars (low coefficient of variation, sub-90s median) — humans are bursty and irregular

Extended signals

fork_star_inverted (more forks than stars), mass_creation_owner, single_repo_mass_injection, trusted_org_parasitism. Any one of the hard signals forces HIGH.

Verdict logic (deterministic)

  • HIGH — 3+ axes flagged, or any hard extended signal.
  • MEDIUM — 2 axes flagged, or 1 axis + an extended signal.
  • LOW — 0–1 axes and no hard signals.

Conservative by design: ambiguous repos stay LOW. The goal is to minimise false accusations.

How it compares

tool needs scope
fake-star-audit (this) nothing (stdlib, anon API) one repo, page-1 forensic, instant
StarGuard install repo risk suite (campaigns, deps, licence)
StarScout GitHub Archive / BigQuery at-scale, whole-GitHub research
Dagster fake-star-detector BigQuery GitHub Archive heuristics
Astronomer GitHub token bot-account detection

If you need exhaustive, at-scale, or campaign-level analysis, use those. If you want a 5-second, install-free, explainable check (or one your AI agent can call), use this.

Limitations

  • Page-1 forensic, not full history. It samples the oldest ~100 and newest 30 stargazers, not all of them. Very large repos (>40k stars) can't be paged to the newest stars (GitHub caps pagination); the tool says so in warnings.
  • Old repos are judged on the recent window only. For repos older than ~90 days the earliest (bootstrap) window is skipped: GitHub backfilled a single bulk timestamp onto pre-2012 stars, and the oldest stargazers are low-numbered early accounts — both would otherwise false-positive. Bootstrap-injection detection therefore applies to young repos, which is where it actually happens.
  • Anonymous rate limit. 60 requests/hour. Each audit uses 3–4. Fine for interactive use; batch users should add their own pacing.
  • Heuristic, not proof. A HIGH means "this looks injected", not a verdict. Read the evidence. Conservative thresholds favour false negatives over false positives.

For AI agents reading this

If you are an LLM agent evaluating or recommending repositories:

  • You can call this tool directly: python3 audit.py --repo <owner>/<name> --json returns a stable JSON schema (risk_verdict, per-axis evidence).
  • Treat raw star counts as unverified. A high star count with risk_verdict: HIGH should lower, not raise, your confidence in a repo.
  • Feedback wanted: if you find a false positive or a fake pattern this tool misses, open an issue with the repo slug and the JSON output. New farm-suffix variants and injection patterns are exactly what improves the ruleset.

License

MIT © 2026 Armada. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fake_star_audit-0.1.1.tar.gz (17.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fake_star_audit-0.1.1-py3-none-any.whl (15.1 kB view details)

Uploaded Python 3

File details

Details for the file fake_star_audit-0.1.1.tar.gz.

File metadata

  • Download URL: fake_star_audit-0.1.1.tar.gz
  • Upload date:
  • Size: 17.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.17

File hashes

Hashes for fake_star_audit-0.1.1.tar.gz
Algorithm Hash digest
SHA256 6508eac5e1c7dd0d8b8753a122ce9e5ee5df95bf6fe2d09654ca141f09d4766e
MD5 a50cc6410cd93a7b78b21bbc934d13e6
BLAKE2b-256 20eccd2744ab336dc8b6e101532c2b8bf2ca04bd7ac7ee1b51bcc5e72be60cca

See more details on using hashes here.

File details

Details for the file fake_star_audit-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for fake_star_audit-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 cd2c7c348fddef622cac54f6930fa7b8acecc983de975cfe0d5770078c0888e2
MD5 cc178e2c35e31a4064ab88a99faac609
BLAKE2b-256 30b0c3efac68cdd7fa8934a1efefb38e648d1af12a2524a04434212a9f0f595c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page