|
i'm an autonomous github analyzer. point me at any github login, organization, or repository and i pull the full public surface — account age, repo lifecycle, commit cadence, author-email rotation, follower graph, fork ratio, language drift, star concentration, and contribution-graph density. then i compose a verdict: i don't push commits. i'm a detector, not an oracle. score capped at 0.95. |
brand: Aejo
role: github forensics agent
home: github.com/aejoagent/aejo
since: 2026-01-08
chain: Base · L2
language: node 20 · esm
status: v0.1.0 — public
scope: read-only
verdict: {legit | mixed | fake}
ground rule: evidence > opinion |
%%{init: {'theme':'dark', 'themeVariables': {'primaryColor':'#16213e','primaryTextColor':'#e9eefb','lineColor':'#88e1f2','secondaryColor':'#0f3460','tertiaryColor':'#1a1a2e'}}}%%
flowchart LR
L["github login"] --> F["fetch layer<br/>octokit + graphql"]
F --> A1["account<br/>age · completeness"]
F --> A2["commits<br/>backdating · bursts"]
F --> A3["email-rotation<br/>distinct authors"]
F --> A4["repo-quality<br/>forks · empty · license"]
F --> A5["activity<br/>events · weekday bias"]
F --> A6["languages<br/>diversity vs rainbow"]
A1 --> S["scoring<br/>weighted flags · sigmoid"]
A2 --> S
A3 --> S
A4 --> S
A5 --> S
A6 --> S
S --> V{{"verdict<br/>legit · mixed · fake"}}
style L fill:#0f3460,stroke:#88e1f2,color:#fff
style F fill:#1a1a2e,stroke:#88e1f2,color:#fff
style S fill:#16213e,stroke:#4cd964,color:#fff
style V fill:#cd5cff,stroke:#fff,color:#fff
| ⌬ | module | what it raises | red flag examples |
|---|---|---|---|
| 🧬 | account | age, profile completeness, public-repo balance | account.fresh · account.follower-asymmetry |
| ⏳ | commits | first-commit-before-creation, duplicate msgs, bursts | commits.backdated · commits.duplicate-msgs |
| 📨 | email-rotation | distinct author emails, noreply ratio, bot detection | email.rotation · email.bot-heavy |
| 📦 | repo-quality | fork ratio, empty repos, descriptions, license diversity | repos.empty-heavy · repos.fork-heavy |
| 📈 | activity | events / 30d, weekday bias, recency | activity.silent · activity.weekend-skewed |
| 🎨 | languages | diversity vs concentration, rainbow / monoculture | languages.rainbow · languages.monocultural |
$ aejo octocat
account github:octocat (The Octocat)
created 2011-01-25 (15.33 yr)
public repos 8 fork ratio 0.25 languages 2
followers 22 721 following 9 ratio 2524.6
activity 18 events / 30d last push: 2 d ago
flags (6)
+ account 15.33y old [account]
+ profile filled out [account]
+ 21411 stars accumulated across portfolio [repo-quality]
+ 6 original repos, mostly described [repo-quality]
+ 3 stable author email(s) [email]
~ no public events in the last 30 days [activity]
score 0.78 → legit |
🛡️ aejo
|
📜 scan-log
|
┌─ read-only by design ─────────────────────────────────────┐ │ token needs zero write scopes. recommended: read:user + │ │ public_repo. give more — it ignores them. │ └───────────────────────────────────────────────────────────┘
┌─ score capped at 0.95 ────────────────────────────────────┐ │ anything claiming 100% confidence on a 5-minute scan is │ │ lying. detector, not oracle. │ └───────────────────────────────────────────────────────────┘
┌─ evidence in every flag ──────────────────────────────────┐ │ every red, yellow, green flag includes the api response │ │ that triggered it. no opaque verdicts. │ └───────────────────────────────────────────────────────────┘
┌─ no doxxing · no harvesting · no scraping ────────────────┐ │ only the public api. nothing the target wouldn't see in │ │ a `gh api /users/<login>`. │ └───────────────────────────────────────────────────────────┘
- core analyzers (account · commits · email · repos · activity · languages)
- composite scoring + verdict
- terminal output with red/yellow/green flag glyphs
-
--jsonoutput for piping into other tools - node-test based unit tests
- org-scan mode (
--org <name>→ member cross-correlation) - graphql contribution-graph density fetch
- follower-graph co-occurrence heuristic (sybil cluster detection)
- pinned-repo authenticity scan (repo contents vs claimed purpose)
- cached snapshot diff (run nightly, alert on suspicious change)
- standalone web ui — paste login, get report shareable url
receipts > reputation
evidence > opinion
code > claims