A zero-dependency GitHub repo scanner that exposes a single `audit_repo` tool to check whether a repository's stars look organic or injected. It pulls the oldest 100 and newest 30 stargazers via the anonymous GitHub API and runs five heuristics: burst detection, sequential account IDs, farm login suffixes, same-second clusters, and interstar gap regularity. Each flag comes with named evidence, and the verdict (LOW/MEDIUM/HIGH) is deterministic. Reach for this when you're evaluating dependencies or doing due diligence and want a quick explainable gut check without installing libraries or burning API tokens. It won't catch sophisticated campaigns but it will surface bootstrap injections and obvious bot farms in under five seconds.
claude mcp add --transport stdio armada735-fake-star-audit -- uvx fake-star-audit