🏆 Notable contributions
Popular open-source repos they've shipped to (commits + PRs)
Score breakdown
🛠 Featured work
Their own popular and pinned repositories
ATrace is a tool for tracing execution of binaries on Windows.
C++Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
CPS / Bash / Python / Other scripts For FUN!
PowerShellCompiler exploits and exploitable non-obvious source code back doors.
C++# Ollama<=>Ollama Inference Cluster
Pythonfork from http://hashlib.codeplex.com
C++🧬 Stack & domains
🧬 Most similar developers
Closest profile, nearby score
🔥 Full roast
🔥 10-year OSS veteran whose only standout original project is EhTrace, padding the rest of his contribution count with self-promotional awesome-list adds and big-name repo edge-case fixes — half of thos
K2 — 79.40/100 · SOLID (Solid · Trustworthy)
TL;DR: Long-tenured, low-drama contributor with one legit standout original project and verified core work in popular repos, but leans on self-promotional list additions and trivial edge-case fixes to pad his contribution count — trustworthy, but his home-grown portfolio is far narrower than the raw numbers suggest.
| Dimension | Score | Notes |
|---|---|---|
| Account maturity | 10/10 | Registered 10.54 years ago, active across 12 distinct contribution years with no long dormancy gaps. A genuine long-term platform user, not a recent signup chasing contribution badges. |
| Original project quality | 12.1/18 | Total 513 stars across 15 original repos, 242 of which belong to EhTrace (quality score 0.82, actively maintained C++ binary tracing tool with real security community traction). The rest of his original repos are niche, low-star side projects with no broad adoption — the entire star count is effectively carried by one tool. |
| Contribution quality | 17.1/27 | 9 merged PRs total, 13 total PRs; 2 maintainer-closed unmerged PRs, 0 author-closed external PRs, 0 author-closed own-repo PRs. No PR farming or self-close shenanigans, but 4 of his 9 recent merged PRs are trivial: 3 are self-promotional awesome-list adds of his own inVtero.net project, 1 is a self-repo revert. The contribution count is padded with low-effort list edits that take 2 minutes and a copy-paste. |
| Ecosystem / maintenance impact | 17.3/20 | All-time 5 PRs + 8 commits into ★70k+ popular repos; verified samples include core build fixes for amd/xdna-driver and fuzz integration for google/oss-fuzz, with 1 unverified contribution to Textualize/rich. The verified core work is solid and targets high-star, high-impact repos, but 13 total PRs over 10 years is not exactly a torrent of upstream impact. |
| Community influence | 6.5/8 | 192 followers, 67 following, a healthy 2.9:1 follower ratio. Modest for a 10-year veteran with a popular original project, but no evidence of follower farming or artificial influence padding. |
| Activity authenticity | 16.4/17 | 1,091 contributions in the last year, last activity 24 days ago, 4 distinct activity types (commits, PRs, issues, reviews). Recent activity is consistent and not bot-like, though the trivial PR share suggests some contribution padding to hit annual contribution targets. |
| Red flags |
- 3 of 9 recent merged PRs are self-promotional, 1-2 line edits adding his own inVtero.net project to third-party awesome forensics/malware analysis lists (trivial, no substantive content added)
- 1 all-time popular-repo contribution (to Textualize/rich) lacks file-level quality verification
- No bot behavior, PR flooding, star inflation, or malicious contribution patterns detected. Score calibration No extra adjustment. The base score already accounts for the mix of strong core contributions, a high-quality original project, and minor trivial PR padding — no additional bump or haircut was needed. Verdict Normal, trustworthy contributor with a solid but narrow footprint. His core engineering work is real and verified, but his public contribution profile leans a little too heavily on self-promotional list edits and trivial fixes to inflate his contribution count — not a security or trust risk, just not as substantive as the raw 1,091 annual contribution number suggests.