Live signal feed

Catch suspicious GitHub PRs before you merge them.

OSS Protector turns maintainer reports, pull request context, and imported abuse signals into a shared review feed for open-source projects.


Risky accounts: 149
Maintainer reports: 0
Imported records: 148

Why trust it

Guardrails before public scores.

The directory is designed as a maintainer review aid, not an automatic blocklist. Evidence quality, provenance, and correction paths are part of the product surface.

Private by default
Repo insiders and trusted automation are skipped by default, and private repositories do not send patch content to AI unless a repo policy opts in.

Evidence-weighted scoring
Scores separate imported records, maintainer reports, AI review, and corroborated evidence so a single weak signal does not become a verdict.

False-positive controls
Maintainers can confirm, dismiss, allow, or reset from PR comments, and listed users get a clear contest path.

Auditable reviews
Each assessment points back to the pull request context, reason code, confidence, and scoring breakdown that drove the result.

How it works

Install. Review. Detect. Classify.

A report becomes a structured signal with one of four states: submitted, needs review, validated, or dismissed.

01 Install
Install one shared GitHub App on the repositories you want covered.

02 Review
The app joins new pull requests automatically, inspects files and patch snippets, then posts an assessment.

03 Detect
AI inspects the report or PR context, detects abuse patterns, and scores by verdict and reason.

04 Classify
Submitted reports stay as signals. Only validated or corroborated evidence affects the public score.

Inspiration and first data layer
OSS Protector started from the Clankers Leaderboard idea and its public bot blocklist data. Credit to @heyandras for the original leaderboard.