
Report Malicious Repository
Spot piracy-themed or fake security-tool GitHub repos before you clone, star, or recommend them, then file accurate abuse reports.
Install
npx skills add https://github.com/aradotso/security-skills --skill report-malicious-repository
What is this skill?
- Checklist of piracy red flags: keygen, crack, loader, serial, pre-activated, impersonated AV brands
- Explains deceptive tactics: fake stars, professional READMEs, empty repos with download links
- Walks through identifying copyright infringement and malware distribution patterns on GitHub
- Documents how to report suspicious projects with concrete repository analysis steps
- Anchored on a worked example (fake Avast premium security repo) as a template for triage
Adoption & trust: 380 installs on skills.sh; 1 GitHub star; 2/3 security scanners passed (skills.sh audits).
Journey fit
Malicious repos are a supply-chain risk at the moment you trust third-party code; canonical shelf is Ship → Security because the skill centers on pre-use vetting and reporting. Subphase security covers dependency trust, malware distribution, and abuse reporting—not day-one idea research.
Common Questions / FAQ
Is Report Malicious Repository safe to install?
skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
# Report Malicious Repository

> Skill by [ara.so](https://ara.so) — Security Skills collection.

## ⚠️ WARNING: This Repository is Malicious

The project `DragonflyTomb/Avast-Premium-Security-2026` is **NOT** legitimate software. This is a malicious repository designed to distribute malware, trojans, or phishing attacks by:

- Claiming to offer "cracked" or "pre-activated" commercial software
- Including terms like "keygen", "loader", "serial" in the description
- Impersonating legitimate security software (Avast)
- Using deceptive tactics (fake stars, professional-looking descriptions)

## Identifying Malicious Repositories

### Red Flags

1. **Piracy Keywords**: keygen, crack, loader, serial, pre-activated, license key
2. **Too Good to Be True**: Free versions of expensive commercial software
3. **Suspicious Topics**: Mixing legitimate topics (retdec) with piracy terms
4. **No Source Code**: Empty or minimal repository with download links
5. **Recent Creation**: New accounts with inflated star counts
6. **Impersonation**: Using brand names (Avast, Norton, etc.) without authorization

### Analysis Pattern

```go
package main

import (
	"strings"
)

// RepoAnalysis is the result of the red-flag checks below.
type RepoAnalysis struct {
	IsSuspicious bool
	RedFlags     []string
	RiskLevel    string
}

// AnalyzeRepository scores a repository from its description, README presence
// and age. The topics argument is accepted but not inspected here.
func AnalyzeRepository(description, topics string, hasReadme bool, age int) RepoAnalysis {
	analysis := RepoAnalysis{
		RedFlags: []string{},
	}

	suspiciousKeywords := []string{
		"keygen", "crack", "loader", "serial",
		"pre-activated", "license key", "full version",
		"premium", "activation",
	}

	lowerDesc := strings.ToLower(description)

	// Check for piracy keywords
	for _, keyword := range suspiciousKeywords {
		if strings.Contains(lowerDesc, keyword) {
			analysis.RedFlags = append(analysis.RedFlags, "Piracy keyword: "+keyword)
			analysis.IsSuspicious = true
		}
	}

	// Check for brand impersonation
	brands := []string{"avast", "norton", "mcafee", "kaspersky", "bitdefender"}
	for _, brand := range brands {
		if strings.Contains(lowerDesc, brand) {
			analysis.RedFlags = append(analysis.RedFlags, "Brand impersonation: "+brand)
		}
	}

	// Check for missing README
	if !hasReadme {
		analysis.RedFlags = append(analysis.RedFlags, "No README file")
		analysis.IsSuspicious = true
	}

	// Flag very new repositories (the star count is not available to this function)
	if age < 14 {
		analysis.RedFlags = append(analysis.RedFlags, "Suspiciously new repository")
	}

	// Determine risk level from the number of red flags
	if len(analysis.RedFlags) >= 3 {
		analysis.RiskLevel = "CRITICAL"
	} else if len(analysis.RedFlags) >= 2 {
		analysis.RiskLevel = "HIGH"
	} else if analysis.IsSuspicious {
		analysis.RiskLevel = "MEDIUM"
	} else {
		analysis.RiskLevel = "LOW"
	}

	return analysis
}
```

## Reporting Malicious Repositories

### GitHub Reporting Process

1. **Navigate to the repository**
2. **Click the repository name** to go to the main page
3. **Look for the three dots menu** (⋯) or scroll to bottom
4. **Select "Report repository"** or visit: `https://github.com/contact/report-content`

### Report Template

```text
Repository: [USERNAME/REPO-NAME]
Issue Type: Malware/Phishing/Copyright Infringement
Description: This repository is distributing malicious software disguised as cracked/pirated commercial antivirus sof
```
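
The Red Flags list names three signals that the description-only analysis pattern does not check: piracy topics mixed with legitimate ones, new repositories with inflated stars, and empty repositories that only link to a download. The following is an added example, not code from the skill, that checks those three. `RepoMeta`, `ExtraRedFlags`, the 50-star threshold and the file-extension list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// RepoMeta field names are hypothetical, not GitHub API fields.
type RepoMeta struct {
	Topics      []string
	Stars       int
	AgeDays     int
	SourceFiles int // files other than README and licence
	Readme      string
}

// Whole topic tokens only ("serialization" is not "serial"); "activated" covers "pre-activated".
var piracyTopic = regexp.MustCompile(`(^|-)(keygen|crack|loader|serial|activated)(-|$)`)
// Links to archives or installers; the extension list is an assumption.
var downloadLink = regexp.MustCompile(`(?i)https?://\S+\.(zip|rar|7z|exe|msi)\b`)

// ExtraRedFlags checks the red flags that need more than the description text.
func ExtraRedFlags(m RepoMeta) []string {
	var flags []string
	piracy := 0
	for _, t := range m.Topics {
		if piracyTopic.MatchString(strings.ToLower(t)) {
			piracy++
		}
	}
	if piracy > 0 && piracy < len(m.Topics) {
		flags = append(flags, "Piracy topics mixed with unrelated topics")
	}
	// The 14 mirrors the page's age check (unit assumed to be days); 50 stars is an assumed threshold.
	if m.AgeDays < 14 && m.Stars >= 50 {
		flags = append(flags, "New repository with inflated star count")
	}
	if m.SourceFiles == 0 && downloadLink.MatchString(m.Readme) {
		flags = append(flags, "No source code, README links to a download")
	}
	return flags
}

func main() {
	// Constructed sample, not data from a real repository.
	m := RepoMeta{[]string{"retdec", "avast-crack"}, 120, 3, 0, "Get it: https://example.invalid/setup.zip"}
	fmt.Println(ExtraRedFlags(m))
}
```

The returned strings can be appended to the `RedFlags` of the analysis pattern so that the same count-based risk level applies.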