tg12

tg12 / phantomstars

Public

Automated detection and tracking of fake engagement on GitHub — daily CI, zero infrastructure

astroturfing automation bot-detection fake-engagement fake-stars
14
0
85% credibility
Found May 18, 2026 at 27 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

phantomstars is an automated watchdog that detects fake engagement on GitHub. Every day, it scans trending repositories and newly-created projects to find accounts that are boosting popularity through fake stars and forks. It analyzes each suspicious account's profile, finds groups of bots acting together in coordinated campaigns, and creates notifications on affected repositories so maintainers know their engagement numbers are artificially inflated. The tool runs completely in the cloud using free GitHub automation, maintains a public ledger of all findings, and even lets legitimate users report false positives if they're mistakenly flagged.

How It Works

1
🔍 You discover fake stars on your repo

You notice suspicious accounts flooding your project with stars, but can't tell if they're real or bots.

2
📂 You fork the project to your account

You copy the tool to your own GitHub account so it can run automatically and save results to your data.

3
🔑 You connect your GitHub account

You give the tool permission to read public repository data and create notifications on your behalf.

4
Everything runs automatically every day

The tool wakes up each morning, checks trending repos, and analyzes every account that gave them stars.

5
The tool decides what happens next
📊
If fake accounts are found

The tool adds them to a public list and creates an issue on the suspicious repo so the owner knows.

If everything looks clean

The tool quietly records the data and waits for tomorrow's scan.

6
📈 You check your dashboard

You open your copy of the project and see a clear report showing which repos are being targeted and by how many fake accounts.

🛡️ You have proof of fake engagement

You now have documented evidence of bot campaigns targeting repositories, with account details and timestamps that maintainers and GitHub can act on.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 27 to 14 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is phantomstars?

Phantomstars is a Python tool that runs daily via GitHub Actions to catch fake engagement inflating repository stars. It scrapes trending repos, pulls recent star/fork events through the GitHub API, fetches account metadata via GraphQL, and scores every engaging account using heuristics around account age, profile completeness, and repository patterns. When it detects coordinated bot campaigns—clusters of suspicious accounts all engaging within a 3-hour window—it files GitHub Issues directly on the targeted repositories so maintainers see the evidence in their own issue tracker. All findings get appended to a JSONL ledger and a live dashboard updates in the README.

Why is it gaining traction?

The project tackles a problem that is getting worse: entire trending sections are now dominated by repos with 100% fake engagement ratios. What sets this apart is the zero-infrastructure approach—just fork, add a personal access token, and the daily scan runs itself. The campaign detection algorithm using timestamp clustering and union-find is where the real signal lives. A single suspicious account is noise; forty accounts created the same week, all starring the same repo within 90 minutes, is evidence. The direct issue-filing on affected repos is the killer feature: maintainers get actionable intelligence without needing to run anything themselves.

Who should use this?

Open source maintainers who notice suspicious star patterns on their projects will find the notification system valuable. Developers vetting third-party dependencies or evaluating what to trust on GitHub can query the suspects ledger to check if a project's engagement looks legitimate. Security researchers studying AI slop distribution will appreciate the longitudinal data accumulating in the JSONL files. If you're a casual GitHub user with no specific concern about fake engagement, this isn't for you.

Verdict

This is a credible, working solution to a documented problem, with a credibility score of 0.8500000238418579% and the honest transparency to match. At 14 stars it's early and community adoption is minimal, but the tool has been running in production and the README shows real scan data with repos at 100% fakeness ratios. The documentation is thorough, false positive handling exists, and the architecture is sound. Worth watching or running on a fork if you care about engagement integrity on GitHub.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.