
How the Checker Works

GCheck was built to give you real insight into whether a GitHub repo is solid or sketchy. Under the hood, it runs a series of automated checks that pull data directly from GitHub’s public API and other trusted sources. It then combines that data using a custom scoring model we designed for one thing — helping you avoid bad projects.

Here’s a look at what happens when you paste a repo link into the checker.

1. Repo Metadata Analysis

The first thing GCheck looks at is the metadata of the repo. This includes:

  • Creation date and last update activity

  • Number of stars, forks, and watchers

  • Presence of a proper license

  • Whether the repo is marked as archived or inactive

Inactive or stale projects immediately raise a flag in the scoring system.
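
As an added illustration (not GCheck's own code), the metadata checks above can be sketched over a constructed record shaped like GitHub's REST `GET /repos/{owner}/{repo}` response. The thresholds, the flag names and the star-to-fork heuristic are assumptions made for this example, not GCheck's scoring model.

```python
from datetime import datetime, timezone

# Constructed sample shaped like a GitHub REST API `GET /repos/{owner}/{repo}`
# response (only the fields used here); every value is made up.
SAMPLE_REPO = {
    "full_name": "example-org/example-token",
    "created_at": "2021-03-01T12:00:00Z",
    "pushed_at": "2022-01-15T08:30:00Z",   # last push to any branch
    "archived": False,
    "license": None,
    "stargazers_count": 4200,
    "forks_count": 3,
    "subscribers_count": 2,   # real watchers; `watchers_count` mirrors stars
}

STALE_AFTER_DAYS = 365      # assumed threshold, not GCheck's
MIN_STARS_FOR_RATIO = 500   # assumed: only judge star/fork skew on larger repos
MAX_STARS_PER_FORK = 200    # assumed threshold, not GCheck's


def _parse(ts):
    """Parse the ISO 8601 UTC timestamps the API returns."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def metadata_flags(repo, now):
    """Return a sorted list of flag names for one repo metadata record."""
    flags = set()
    if repo.get("archived"):
        flags.add("archived")
    # Use pushed_at rather than updated_at: updated_at also moves when the
    # repo object changes without any code being pushed.
    if (now - _parse(repo["pushed_at"])).days > STALE_AFTER_DAYS:
        flags.add("stale")
    if not repo.get("license"):
        flags.add("no_license")
    stars = repo.get("stargazers_count", 0)
    forks = repo.get("forks_count", 0)
    # Many stars with almost no forks suggests popularity without real use.
    if stars >= MIN_STARS_FOR_RATIO and stars > MAX_STARS_PER_FORK * max(forks, 1):
        flags.add("star_fork_skew")
    return sorted(flags)


if __name__ == "__main__":
    print(metadata_flags(SAMPLE_REPO, datetime(2024, 1, 1, tzinfo=timezone.utc)))
```
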

2. Commit Activity and Trends

We analyze commit frequency and contributor engagement over time. A project that had a burst of commits 3 years ago but has been quiet since will score lower than a repo with regular, ongoing development. We also check for:

  • Commit velocity (how often code is pushed)

  • Number of unique contributors

  • Fork freshness (how often people fork and update the repo)

3. Security and Risk Signals

Security is a big one — especially in crypto. GCheck scans for:

  • Open vulnerabilities, using known CVE databases

  • Exposed secrets or hardcoded API keys

  • Absence of security files like SECURITY.md or .gitignore

  • Whether branch protection rules are enabled

We also check for dependencies listed in package.json, requirements.txt, or similar files. Outdated or vulnerable dependencies are flagged.

4. AI-Powered Code Sanity Scan (Beta)

GCheck runs a lightweight AI-based static analysis on the codebase to look for red flags like:

  • Copied or cloned code from low-quality sources

  • Suspicious or obfuscated logic

  • Poor documentation or missing README

This helps us spot repos that were thrown together to look legit but don’t have real substance behind them.

5. Contributor Trust Index

Not all contributors are equal. GCheck runs a background analysis on the top contributors in the repo, scoring them based on:

  • Contribution patterns across other popular open-source projects

  • Their GitHub profile age and activity level

  • Social trust signals (such as verified email, linked accounts)

This helps you spot whether a project is being built by real devs — or if it’s just one anonymous profile pushing code.

6. Final Health Score

All of the above signals are combined into a single Health Score, from 0 to 100. The score is weighted based on what matters most in crypto projects:

  • Active development

  • Strong contributor base

  • Real usage and popularity

  • Clean security profile

A project scoring over 80 is usually a solid signal. Anything under 50 deserves a second look — or a second thought.


Last updated 23 days ago