Stop reviewing
bot noise.
OSS Protector is a community-run GitHub App that flags AI-generated spam pull requests before they hit your review queue. Free, transparent, and built by maintainers, for maintainers.
or browse the public feedFor every one person fixing a real bug, fourteen are farming a contribution badge.
Maintainers are quitting. Not from the work — from reviewing the work that isn't work. Here's last Tuesday in a real OSS inbox.
"I logged in on Tuesday. I had 47 notifications. One was from a human. I closed the laptop and didn't open it again that week."
Three signals. One decision. Always public.
We never act on a single signal. Every flag combines account heuristics, diff pattern matching, and cross-repo correlation — and every flag is reviewable by anyone.
Creation date, prior commits, bio patterns, handle entropy. The account is the easiest tell — most bots don't bother hiding.
The shape of the patch itself. LLM-authored PRs have a distinctive vocabulary, indentation, and comment style we can match.
One PR is a data point. A hundred PRs across a hundred unrelated repos is a fingerprint. We see the whole graph.
No black box. See exactly why a PR got flagged.
Confidence is a weighted sum of six independent signals. You see the full breakdown on every PR — and you can audit our weights on GitHub.
What GitHub shows you. What you actually need to see.
"Hello! I noticed a small typo in the README and wanted to help. Let me know if you'd like any other improvements!"
Every flag is public. Every report leaves a trail.
Every flag links the account to the maintainers who reported it and the repositories it affected. Disputes are open, dismissals are tracked, false positives are surfaced.
Quiet by default. Loud when it matters.
OSS Protector never touches your PRs — no bot comments, no status checks. Flagged contributors land in your notifications and dashboard queue, ready to confirm, dismiss, or allow in one click.
@autopr-helper-99 opened a PR on acme/web. The account was created 27 days ago and has filed 184 PRs across 142 repositories. The diff signature matches the "helpful-assistant v3" template family.
Reported by @evanw, @kentcdodds, and 3 others.
Three buttons. Three seconds.
Confirm: adds the account to the shared blocklist for your repos.
Dismiss: clears it from your queue. We learn from it.
Allow author: marks them as trusted in your repos forever. Whitelist, not blocklist.
Quietly working across 1 repository.
Free. For everyone. Forever.
OSS Protector is run by maintainers, for maintainers. No paid tiers, no enterprise plan, no upsell. If you want to support the project, sponsor us on GitHub, but the tool stays free for everyone.
Sponsor the project