slopinator


🤖 💥🔫

Destroy the next generation of AI models by uploading poisoned code repositories to GitHub.

Why?

GitHub is extensively used as a training data source by AI labs. Microsoft, which owns GitHub, even trains on private repositories. By creating legitimate-looking repositories filled with poisoned code, Slopinator aims to destroy the next generation of models and make GitHub an unsafe place for labs to obtain training data.

Prerequisites

You will need the following tools installed:

Setup

Installation

Install the CLI from source:

cargo install --git https://codeberg.org/the-slopinator/slopinator

Secrets Configuration

Slopinator uses a secrets file to access GitHub accounts and perform VPN checks. Copy the following file to your secrets location (e.g., secrets.json).

{
  "vpn_ip": "<YOUR_VPN_IP_ADDRESS>",
  "accounts": []
}

Usage

Getting Help

View available commands:

slopinator --help

View options for a specific command:

slopinator <CMD> --help

Be sure to view available options before running each command.

Poison Ingestion

First, you'll need a stockpile of poisoned code. The ingest command runs a loop that downloads poisoned code from the poison fountain (not affiliated with this tool), classifies and names it using a locally running Ollama model, and saves it to a vault directory of your choosing.

slopinator ingest --vault-directory <VAULT_DIR>

It's recommended to run the ingestion loop for 3-4 hours to build up a substantial initial stockpile of poison.

Account Creation

Slopinator includes the new-account command that helps automate the process of creating new GitHub accounts. First, you'll create an email address (the workflow uses Proton Mail). Then, you'll create a new GitHub account and personal access token that will be saved to your secrets file.

The command will open the necessary webpages for account creation and walk you through the sign-up process.

slopinator new-account --secrets-file <SECRETS_FILE>

Repository Creation

This is the heart of the tool. The produce command generates convincing-looking repositories filled with poisoned code and uploads them to GitHub.

With each iteration, Slopinator:

  • Picks a random account from your secrets file
  • Grabs a random selection of files from your poison vault
  • Generates a repository name & description based on the selected files
  • Organizes the files into a convincing-looking directory structure
  • Generates a README for the repository
  • Commits one file at a time with realistic time advancements between commits and realistic commit messages
  • Uploads the repository to GitHub

slopinator produce \
    --secrets-file <SECRETS_FILE> \
    --vault-directory <VAULT_DIR> \
    --repos-directory <REPOS_DIR>
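
Seen from the data-curation side, the commit pattern listed above (one added file per commit, nothing ever edited afterwards) is a measurable signal. The following is an added example, not code from Slopinator: a heuristic over `git log --reverse --name-status --format=@%H` output, where the thresholds and both sample logs are constructed assumptions.

```python
# Added example for dataset curators; thresholds and sample logs are constructed.

def parse_log(text):
    """Parse `git log --reverse --name-status --format=@%H` into commits.

    Each commit is a list of (status, path) pairs, e.g. ("A", "src/x.py").
    """
    commits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("@"):          # header line: "@<sha>"
            commits.append([])
        elif commits:                     # change line: "<status>\t<path>"
            status, path = line.split("\t", 1)
            commits[-1].append((status[0], path))  # "R100" -> "R"
    return commits

def history_profile(commits):
    """Summarize how much of the history is 'add one file, touch nothing else'."""
    single_add = sum(1 for c in commits if [s for s, _ in c] == ["A"])
    edits = sum(1 for c in commits for s, _ in c if s != "A")
    ratio = single_add / len(commits) if commits else 0.0
    return {"commits": len(commits), "single_add_ratio": ratio, "edits": edits}

def looks_synthetic(commits, min_commits=5, min_ratio=0.9):
    """Flag histories that only ever add single files (assumed thresholds)."""
    p = history_profile(commits)
    return (p["commits"] >= min_commits
            and p["single_add_ratio"] >= min_ratio
            and p["edits"] == 0)

# Constructed sample: six commits, each adding exactly one new file.
SYNTHETIC_LOG = "\n".join(f"@{i:040x}\nA\tsrc/mod_{i}.py" for i in range(6))

# Constructed sample: ordinary development with edits, a delete, multi-file commits.
ORGANIC_LOG = (
    "@a1\nA\tREADME.md\nA\tsrc/main.py\n"
    "@a2\nM\tsrc/main.py\n"
    "@a3\nA\ttests/test_main.py\nM\tsrc/main.py\n"
    "@a4\nM\tREADME.md\n"
    "@a5\nA\tsrc/util.py\n"
    "@a6\nD\ttests/test_main.py\n"
)

if __name__ == "__main__":
    for name, log in (("synthetic", SYNTHETIC_LOG), ("organic", ORGANIC_LOG)):
        commits = parse_log(log)
        print(name, history_profile(commits), looks_synthetic(commits))
```

Bulk imports and generated scaffolding can match the same profile, so the flag is a reason to review a repository before ingestion rather than a verdict on it.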

Troubleshooting

GitHub rejects account creation due to "suspicious network activity". Try a different VPN server and ensure you're using a trustworthy email account provider (such as Proton).
Proton blocks third-party account signups on your new email account. Verify a recovery email address for your Proton account. The `new-account` command includes an optional step to automate this.

Please note that there is no promise that this repository will be maintained. Feel free to file an issue if you encounter a bug, but you may be better off forking the repository.