An open experiment in detecting automation patterns on GitHub.
AgentScan analyzes a GitHub account's public activity and scores it based on how much it appears to rely on automation. There's no AI involved, just event analysis, powered by identity. The results are indicators, not verdicts: a starting point for your own judgment, not a final answer.
Scores aren't bulletproof. Sophisticated automated accounts can slip through, and legitimate developers can occasionally trigger false positives. To help with that, AgentScan also maintains a curated list of manually verified accounts, submitted by the community and reviewed by maintainers before being merged in.
The same analysis that powers the website can run directly against your repository, so you can catch automated activity on your own pull requests. You can keep it as light as just tagging PRs with the account's classification, or go further and have certain classifications auto-closed.
- GitHub App — zero config. Install it and it starts working immediately, no workflow files required. Both share almost the same configuration options, but the app is updated centrally, so you get fixes and new features as soon as they ship, no action needed on your end.
- GitHub Action — needs to be added to a workflow, and new releases have to be published and then manually picked up by pinning a newer version in your repository.
If you've found a GitHub account you believe is automated, you can submit it for review.
- Open an issue using the report template
- Include the GitHub username, your reasoning, and any supporting evidence
- A maintainer will review the account manually
- If confirmed, the account will be added to the verified list via a pull request
- The entry will appear in AgentScan with a link back to the original issue
Please only submit accounts you have reasonable evidence for. Submissions without supporting context will be closed.
If your account has been flagged and you believe it was done in error:
- Find the issue linked on your AgentScan profile page
- Open it and leave a comment explaining why the classification is incorrect
- A maintainer will review your case and remove the entry if warranted
We take wrongful classifications seriously. The goal is accuracy, not accusation.
Contributions are welcome. If you find something that doesn't work or have an idea for something that works better, open an issue or a pull request.
For local development setup, see CONTRIBUTING.md.
- Nuxt
- UnoCSS
- Netlify
- GitHub API
- Love
I didn't expect to build this website, but ended up creating it after reading multiple articles and seeing open source maintainers struggling with AI agents targeting their projects.
- https://socket.dev/blog/ai-agent-lands-prs-in-major-oss-projects-targets-maintainers-via-cold-outreach
- https://tylur.blog/harmful-prs/
- https://theshamblog.com/an-ai-agent-published-a-hit-piece-on-me/
This is an ongoing experiment. Scores may be inaccurate. Use them as a starting point, not a conclusion.