Fake Star Audit
@Armada735
Audits a GitHub repository's stargazers for signs of fake-star injection across five deterministic axes (burst, suffix-farm, sequential-id cluster, same-second cluster, inter-star gap regularity) over two windows (oldest 100 + newest 30), plus extended signals. Returns LOW / MEDI
Overview
What is Fake Star Audit?
A transparent, zero-dependency GitHub fake-star checker. It inspects a repository’s stargazer history via the anonymous GitHub API and returns a LOW / MEDIUM / HIGH risk verdict with every rule explained. Designed for investors, engineers, recruiters, and AI agents who need a fast, accountable gut-check on star count believability.
How to use Fake Star Audit?
The tool can be invoked as a standalone CLI (python3 audit.py --repo owner/repo), installed from PyPI (pip install fake-star-audit) and run as fake-star-audit-cli, or used as a Claude Code skill. Its optional MCP server exposes the audit_repo tool over stdio; register it in your MCP client (e.g., Claude Desktop’s config) with uvx fake-star-audit or a local path to mcp_server.py.
Key features of Fake Star Audit
- Zero dependencies – pure Python standard library
- No token, no account – uses anonymous GitHub API
- One-file portable
audit.py– just copy and run - AI-native – works as a Claude Code skill
- Transparent verdicts – every flag shows its evidence
- Conservative heuristics – minimises false accusations
Use cases of Fake Star Audit
- Due diligence for investors evaluating startup repositories
- Quick trust check for engineers choosing open-source dependencies
- Resume and portfolio verification for recruiters
- Automated repository assessment by LLM agents
FAQ from Fake Star Audit
What risks does it detect?
It flags 5 axes – burst injection, farm suffixes, sequential account IDs, same-second clusters, and machine-regular gaps – plus extended hard signals like fork-star inversion or single-repo mass injection. A deterministic rule combines them into a LOW / MEDIUM / HIGH verdict.
How does it compare to other fake-star tools?
Unlike at-scale research tools (StarScout, Dagster) or install-heavy suites (StarGuard, Astronomer), this tool is the smallest and most portable: no dependencies, no token, instant forensic check of a single repo’s first and latest stargazer windows.
Does it require a GitHub token or any environment variables?
No. It uses the anonymous GitHub API only and never reads a GITHUB_TOKEN or any environment variable.
What are its limitations?
It samples only the oldest ~100 and newest 30 stargazers (not the full history), skips the bootstrap window for repos older than ~90 days, is subject to the anonymous 60‑request/hour rate limit, and is heuristic – not proof of fakery.
How do I connect it to my MCP client?
For Claude Desktop, add to claude_desktop_config.json: command "uvx" with args ["fake-star-audit"]. Or from a local checkout, command "python3" with args pointing to mcp_server.py. The server runs over stdio.