Skip to content

stephenywilson/GitHub-AI-Code-Inspector

BranchesTags

Repository files navigation

GitHub AI Code Inspector

A Chrome extension for inspecting AI-generated GitHub repos and risky PRs directly inside GitHub.

This repository contains the public community edition of GitHub AI Code Inspector.

Open a GitHub repository, pull request, or file page, launch the side panel, and scan for suspicious package scripts, risky workflows, hidden Unicode, leaked secrets, MCP/tooling risks, and AI-generated code smells.

Built by Catalayer.

GitHub is filling up with AI-generated and vibe-coded pull requests. Many look clean in the diff, but quietly introduce workflow vulnerabilities, lifecycle scripts that execute on install, hidden Unicode characters used in Trojan Source attacks, or skeleton code that compiles but does nothing.

GitHub AI Code Inspector adds a Chrome side panel to GitHub that detects the page type — repo, pull request, file, package.json, workflow file, MCP/agent config — and runs a one-click risk scan tailored to that context. No external service required.

GitHub AI Code Inspector Chrome side panel showing Critical risk for a PR with pull_request_target and hidden Unicode

What's new in v0.3

  • Native GitHub page detection — repo, PR, PR Files, single file, package.json, lockfiles, workflow files, MCP / agent configs
  • One-click PR scan — reads the PR diff from GitHub using your existing browser session; manual paste is now a fallback only
  • File scan mode — scan a single file or config from its GitHub blob page
  • MCP / Agent config risk — detects suspicious tool descriptions, prompt-injection-like text, hard-coded credentials in MCP/Agent configs
  • Secrets / Token detection — GitHub PATs, AWS keys, OpenAI/Anthropic-style keys, Slack tokens, private key blocks
  • Redesigned risk report — Summary card (Overall Risk · Risk Score · Scan Type · Coverage · Recommendation), grouped finding categories, Safe Signals, copyable Markdown report
  • Copy Markdown Report — one-click clipboard copy for pasting into a PR comment manually (no OAuth, no auto-comments)

Why this exists

  • AI tools (Claude Code, Codex, Cursor, Cline) generate code fast — and sometimes generate code that compiles but is unsafe to run, or pulls in installer scripts you don't want executing on your machine
  • Reviewing every line of every AI-generated PR is impractical; this extension surfaces the highest-risk patterns first
  • It runs entirely in your browser — no code is sent to an external service
  • It is rule-based, not AI-powered. It detects known dangerous patterns. It is not a substitute for human review.

Install

Chrome Web Store (listing pending review — check back soon)

Until the listing is live, install manually as a developer build:

git clone https://github.com/stephenywilson/github-ai-code-inspector
cd github-ai-code-inspector
npm install && npm run build
# In Chrome: chrome://extensions/ → Developer Mode → Load unpacked → apps/extension/dist/

See docs/extension-install.md for step-by-step instructions.

Source code: This repository contains the open-source code for GitHub AI Code Inspector under the Apache-2.0 license. The Chrome Web Store is the primary install channel for end users.

How It Works

  1. Install from Chrome Web Store (or load as a developer build)
  2. Open any GitHub repository, pull request, or file in Chrome
  3. Click the extension icon to open the GitHub AI Code Inspector Chrome side panel
  4. The side panel detects the page type and shows the right primary action
  5. Click the action — one button, no manual setup required for most pages
  6. Review the risk report — grouped by category, with Safe Signals and a copyable Markdown summary

Supported scan modes

Page detected Primary action What it scans
Repository home (github.com/owner/repo) Scan this Repo README, package.json, lockfiles, workflows, .env, MCP / agent configs, suspicious source patterns
Pull Request (/pull/N) Scan this PR Full unified diff via your existing GitHub session
PR Files Changed (/pull/N/files) Scan Changed Files Same as above
Single file (/blob/...) Scan this File Hidden Unicode, suspicious commands, secrets, AI code smells
package.json blob Scan Package Risk Lifecycle scripts, suspicious script commands, suspicious dependencies
package-lock.json / pnpm-lock.yaml etc. Scan Lockfile Lockfile change reminder + secrets sweep
.github/workflows/*.yml Scan Workflow Risk pull_request_target, secrets: inherit, permissions: write-all, unpinned actions, `curl
MCP config (mcp.json, *.mcp.json, .mcp/*, claude_desktop_config.json) Scan MCP Config Shell-as-MCP-command, -c inline scripts, remote `curl
Agent config (Claude.md, .cursorrules, .clinerules, agents.md, etc.) Scan Agent Config Same as MCP plus instruction patterns

If a page can be only partially analyzed, the report is labeled "Partial scan based on visible GitHub page data".

Risk categories

Category What it detects
Workflow Risk pull_request_target, secrets: inherit, unpinned actions, shell injection, broad permissions
Package Risk postinstall/preinstall/prepare lifecycle scripts, suspicious dependency names, lockfile changes
Suspicious Commands eval(), new Function(), `curl
Hidden Unicode / Trojan Source U+202E RIGHT-TO-LEFT OVERRIDE, U+200B ZERO WIDTH SPACE, directional isolates
Secrets / Token Patterns GitHub PATs, AWS keys, OpenAI / Anthropic keys, Slack tokens, PEM private keys
MCP / Agent Tooling Risk Suspicious tool descriptions, prompt injection, hard-coded creds, auto-approval flags
AI-generated Code Smells TODO / FIXME density, unimplemented stubs, placeholder text

Risk Levels

Level Meaning
🔴 Critical Block merge. Manual security review required.
🔴 High Do not merge until reviewed.
🟡 Medium Review before merging.
🟢 Low Standard review is enough.

Example report

## GitHub AI Code Inspector Report

Overall Risk: HIGH
Risk Score: 60 / 100
Scan Type: Pull Request
Scan Coverage: Full
Target: stephenywilson/example PR #42
Scanned: 2026-05-06

### Recommendation
Do not merge until reviewed.

### Findings

#### Package Risk
- 🔴 HIGH: package.json adds "postinstall" lifecycle script (package.json:18)
  - Why it matters: postinstall runs automatically during npm install.
  - Recommended action: Confirm the script is necessary.

#### Workflow Risk
- 🟡 MEDIUM: Unpinned action: actions/checkout@v4 (.github/workflows/ci.yml:14)
  - Why it matters: Tags can be moved.
  - Recommended action: Pin to a full commit SHA.

### Safe Signals
- No obvious secret patterns detected
- No hidden Unicode detected

---
Built by Catalayer.

Privacy

  • No GitHub OAuth required in v0.3
  • No repo write permission is requested
  • No automatic PR comments — the markdown report is copied to your clipboard for you to paste manually if you want
  • Diff scans run in your browser. Your code is not sent to any external server
  • Repo scans use the GitHub public API only, the same API GitHub uses for its own pages
  • Optional GitHub token can be added in side panel settings to raise the API rate limit from 60/hr to 5,000/hr. The token is stored in browser local storage only and is sent only to api.github.com / raw.githubusercontent.com
  • Manual paste mode scans only the diff text you pasted

Extension Permissions

Permission Why it's needed
sidePanel Opens the Chrome side panel on GitHub pages
tabs Reads the current tab URL to detect repo/PR/file context
activeTab Sends the PR diff fetch request to the GitHub tab
storage Stores optional GitHub token and panel state in browser local storage
contextMenus Adds "Inspect this repo" to the right-click menu on GitHub pages
Content script on https://github.com/*/* Detects SPA navigation and fetches PR diffs using your own GitHub session — avoids needing a github.com/* host permission
https://api.github.com/* Fetches public repo metadata (repo scan mode only)
https://raw.githubusercontent.com/* Fetches raw file contents for repo / file scan

No broad host permissions are requested. GitHub.com and the GitHub API are the only external resources accessed.

Limitations

  • The scanner is rule-based, not AI-powered. It detects known patterns. It cannot reason about novel attack vectors.
  • All findings are signals for human review, not automated verdicts. High-risk findings must still be reviewed by a developer.
  • Repo scan requires GitHub API access; subject to 60 requests/hour unauthenticated. Add an optional token in side panel settings for 5,000/hour.
  • Private repository scanning requires a GitHub token with repo scope.
  • PR diff fetch requires the user to be logged into GitHub (uses the user's existing GitHub session).

Advanced: Optional CLI Companion

The CLI is a standalone companion tool for terminal and CI usage. It is not the primary product.

# Scan a PR diff in your terminal
npx github-ai-code-inspector scan-pr pr.diff

# JSON output
npx github-ai-code-inspector scan-pr pr.diff --json

# Markdown report saved to file
npx github-ai-code-inspector scan-pr pr.diff --markdown --output report.md

# Block CI on high or critical risk (exits 1)
npx github-ai-code-inspector scan-pr pr.diff --fail-on-high

The CLI uses the same scanner engine as the Chrome side panel and produces identical results.

Development

# Clone
git clone https://github.com/stephenywilson/github-ai-code-inspector
cd github-ai-code-inspector

# Install dependencies
npm install

# Build Chrome extension
npm run build

# Typecheck everything
npm run typecheck

# Build optional CLI
npm run build:cli

# Run CLI smoke tests
npm run smoke

Load apps/extension/dist/ as an unpacked extension in Chrome Developer Mode.

For full install documentation, see docs/extension-install.md.

GitHub Releases

GitHub Releases contain pre-built extension zips for developer manual install only. End users should install from the Chrome Web Store (link above once approved).

Project Structure

github-ai-code-inspector/
  apps/
    extension/           Chrome extension (primary product)
      dist/              Built extension — load this in Chrome
  packages/
    scanner/             Shared scanner engine
      src/               v1 repo scanner (GitHub API)
      src/v2/            v2 diff + file scanners (browser-safe, no fs)
    cli/                 Optional CLI companion (npm: github-ai-code-inspector)
  fixtures/              Test PR diffs and example repos
  docs/                  Documentation and assets

Community Edition

This repository contains the public community edition of GitHub AI Code Inspector.

v0.3.0 includes:

  • Native GitHub page detection
  • One-click PR scanning
  • File scan mode
  • package.json risk checks
  • GitHub Actions workflow checks
  • MCP / agent config checks
  • Secrets-like pattern detection
  • Safe Signals
  • Copyable Markdown reports

Advanced scanning modes may be developed separately as part of the Catalayer product line.

The community edition remains useful for local GitHub repo, PR, file, package, workflow, and MCP/agent risk inspection.

Roadmap

The public community edition will focus on:

  • Stability improvements
  • Browser compatibility
  • Rule quality improvements
  • Documentation
  • Chrome Web Store release updates

Advanced repo intelligence and deeper review automation may be developed separately as part of the Catalayer product line.

License

Apache-2.0 — see LICENSE.

Built with a Catalayer-inspired developer interface. | Report an issue

About

Inspect AI-generated GitHub repos and PR diffs for risk signals directly inside GitHub.

Resources

Readme

License

View license

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

GitHub AI Code Inspector v0.3.0 — Native GitHub Scan Mode Latest
May 5, 2026

Packages

 
 
 

Contributors

Languages