I have faced serious problem.

[Trust412]

Select Topic Area

Question

Body

https://github.com/Trust412/Polymarket-spike-bot-v1/issues
I've recently encountered a serious issue.
I've been working on Polymarket for a while, and in the process, I've created several public repositories.
However, I recently received a critical warning about my repository.
A few days ago, I saw an article saying my previous repository, the Polymarket copy trading bot, contained malware.
I contacted GitHub support to check the repository, but they couldn't access it and couldn't resolve the issue.
I checked the repository again, but they found nothing.
So, I had no choice but to delete the repository.
However, today, I received another warning message from my Spike bot repository.

This is the first time I've received this message from this repository.
I checked again, and again, nothing was found.
I'm wondering if there's something wrong with the packages I'm using.
I sincerely appreciate the help from this community.
Thank you!

[rishivr21]

I appreciate the warning and take security very seriously.
I’ve manually reviewed the repository and its dependencies and found no malicious code.
This project is a trading automation tool, which may be triggering automated heuristics often associated with high-risk categories (bots, finance, crypto).
I’m currently auditing all dependencies, pinning versions, and improving documentation transparency.
If anyone has experienced similar false positives with automation or trading bots, I’d appreciate insights into which dependency or pattern might trigger GitHub’s scanners.

[UtsavKash19]

Select Topic Area

Question

Body

https://github.com/Trust412/Polymarket-spike-bot-v1/issues I've recently encountered a serious issue. I've been working on Polymarket for a while, and in the process, I've created several public repositories. However, I recently received a critical warning about my repository. A few days ago, I saw an article saying my previous repository, the Polymarket copy trading bot, contained malware. I contacted GitHub support to check the repository, but they couldn't access it and couldn't resolve the issue. I checked the repository again, but they found nothing. So, I had no choice but to delete the repository. However, today, I received another warning message from my Spike bot repository.

This is the first time I've received this message from this repository. I checked again, and again, nothing was found. I'm wondering if there's something wrong with the packages I'm using. I sincerely appreciate the help from this community. Thank you!

Hi,
This is often caused by automated security scans or third-party reports, not necessarily real malware. Even legitimate bots and trading scripts can be flagged if they use:

-> obfuscated code
-> auto-execution scripts
-> network calls, wallets, or API keys
-> uncommon or outdated dependencies

What you should do:

1. Check GitHub Security tab → Dependabot alerts / Code scanning
2. Review dependencies (package.json, requirements.txt) and update or remove unused ones
3. Avoid obfuscation or auto-run behavior in public repos
4. Add a clear README explaining what the bot does and how it works
5. Request a manual review from GitHub Security if nothing malicious is found

If GitHub support couldn’t confirm malware, it’s likely a false positive triggered by patterns common in trading bots. Cleaning dependencies and improving documentation usually resolves repeated warnings.

Hope this helps 👍

[Trust412]

Really appreciate your help.
I will try it.