[READ-ONLY] Mirror of https://github.com/bombshell-dev/automation. GitHub Actions for the Bombshell organization
ci
0

Configure Feed

Select the types of activity you want to include in your feed.

feat: add community flag and classification details (#16)

Thank you for building this! I was working on an action myself, but this
one seems to work pretty well, so I thought I would add a few things I
had in mind:

### Copy change
I have softened the text because this tool isn't foolproof and will make
errors. People shouldn't feel judged too harshly; we're simply analyzing
their events to identify potential patterns similar to automations.

### Community flags
I've added the [community
flag](https://github.com/MatteoGabriele/agentscan/blob/main/data/verified-automations-list.json)
by querying the JSON file in the AgentScan repo.

Let me know what you think 🙏

authored by

Matteo Gabriele and committed by
GitHub
(Mar 18, 2026, 9:05 PM EDT) 7415a425 a1553ceb

+50 -5
+50 -5
src/detect-agent.ts
··· 1 - import { identifyReplicant } from "voight-kampff-test"; 1 + import { identifyReplicant, getClassificationDetails } from "voight-kampff-test"; 2 2 import { setOutput } from "./utils"; 3 3 4 4 const jsonMode = process.argv.includes("--json"); 5 + const log = jsonMode ? console.error : console.log; 5 6 6 7 const { GITHUB_TOKEN, PR_AUTHOR } = process.env; 7 8 if (!GITHUB_TOKEN || !PR_AUTHOR) { ··· 44 45 events, 45 46 }); 46 47 47 - const isAgent = classification === "automation"; 48 + type AutomationListItem = { 49 + username: string; 50 + reason: string; 51 + createdAt: string; 52 + issueUrl: string; 53 + }; 54 + 55 + let verifiedAutomationList: AutomationListItem[] = [] 56 + 57 + try { 58 + const automationJSONPath = 'data/verified-automations-list.json' 59 + const response = await fetch( 60 + `https://api.github.com/repos/matteogabriele/agentscan/contents/${automationJSONPath}`, 61 + { headers }, 62 + ); 63 + 64 + if (!response.ok) { 65 + throw new Error(`Failed to fetch verified automations list: ${response.status}`); 66 + } 67 + 68 + const data = await response.json(); 69 + 70 + if ("content" in data) { 71 + const content = Buffer.from(data.content, "base64").toString("utf-8"); 72 + verifiedAutomationList = JSON.parse(content) 73 + } 74 + } catch (error) { 75 + log("Could not fetch verified automations list"); 76 + } 77 + 78 + const verifiedAutomation: AutomationListItem | undefined = verifiedAutomationList.find( 79 + (account) => account.username === PR_AUTHOR, 80 + ); 81 + 82 + const communityFlagDetails = { 83 + label: "Flagged by community", 84 + description: 85 + "This account has been flagged as potentially automated by the community.", 86 + } 87 + 88 + const hasCommunityFlag: boolean = !!verifiedAutomation; 89 + const details = hasCommunityFlag ? communityFlagDetails : getClassificationDetails(classification); 90 + 48 91 const flagsTable = flags 49 92 .map((f) => `| ${f.label} | ${f.points > 0 ? "+" : ""}${f.points} | ${f.detail} |`) 50 93 .join("\n"); 51 - const comment = `### 🤖 Automated account detected 94 + const comment = `### ${details.label} 52 95 53 - [@${PR_AUTHOR}](https://github.com/${PR_AUTHOR}) has been flagged as a likely automated account. 96 + [@${PR_AUTHOR}](https://github.com/${PR_AUTHOR}) ${details.description} 54 97 55 98 **Classification:** \`${classification}\` (score: ${score}) 56 99 ··· 60 103 61 104 <sub>Analyzed ${events.length} public events via <a href="https://www.npmx.dev/package/voight-kampff-test">voight-kampff-test</a></sub>`; 62 105 63 - const log = jsonMode ? console.error : console.log; 106 + 64 107 log(`Classification: ${classification} (score: ${score})`); 65 108 for (const flag of flags) { 66 109 log(` [${flag.points > 0 ? "+" : ""}${flag.points}] ${flag.label}: ${flag.detail}`); 67 110 } 111 + 112 + const isAgent = classification === "automation"; 68 113 69 114 if (jsonMode) { 70 115 console.log(JSON.stringify({ classification, score, isAgent, comment }));