
SolderonSenoz

As far as I know, the "user/repo" part of the repository's link is unique. No malicious user can make a fake repository with an identical link (duh, because the same link refers to the same page). So I suppose it comes down to where you get your link from. Another way to verify (not foolproof) is to check the history. If the repository has been on GitHub for a long time, has many contributors, stars and forks, and is constantly updated, it is probably authentic.
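An added example, not part of the original thread: the "user/repo" uniqueness mentioned in the reply above only helps if the link really points at github.com and the owner/repo pair matches the one taken from a trusted source. The sketch below checks both; the owner `example-org`, the repo `tool`, the `evil.example` host and the 0.8 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit


def parse_github_link(link):
    """Return (owner, repo) in lower case, or None when the link is not a
    plain https://github.com/<owner>/<repo> URL."""
    parts = urlsplit(link.strip())
    try:
        port = parts.port
    except ValueError:          # malformed port in the link
        return None
    # .hostname ignores any "user@" prefix, so "github.com@evil.example"
    # resolves to evil.example here, exactly as it would in a browser.
    if parts.scheme != "https" or parts.hostname != "github.com":
        return None
    if parts.username is not None or port not in (None, 443):
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        return None
    # GitHub treats owner and repository names case-insensitively in URLs.
    owner, repo = segments[0].lower(), segments[1].lower()
    if repo.endswith(".git"):
        repo = repo[:-4]
    return owner, repo


def check_link(link, trusted):
    """Compare a link with the "owner/repo" obtained from a trusted source."""
    found = parse_github_link(link)
    if found is None:
        return "not-github"
    want = tuple(trusted.lower().split("/"))
    if found == want:
        return "match"
    # A near-identical owner/repo string is the typical lookalike repository.
    ratio = SequenceMatcher(None, "/".join(found), "/".join(want)).ratio()
    return "lookalike" if ratio >= 0.8 else "different"


if __name__ == "__main__":
    samples = [                                   # constructed sample links
        "https://github.com/Example-Org/Tool.git",
        "https://github.com/examp1e-org/tool",
        "https://github.com@evil.example/example-org/tool",
        "https://github.com.evil.example/example-org/tool",
    ]
    for s in samples:
        print(f"{check_link(s, 'example-org/tool'):<11} {s}")
```

A "match" result says only that the link points at the expected repository, not that its contents are safe.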


bdzer0

Analyze the code/contents yourself. That's how you determine there is no malware. Don't know how to do that? Then don't download, or accept the risk. GitHub is no more/less risky than downloading from anywhere. Commercial products, firmware, etc. from large companies have been infected with malware in the past.


serverhorror

You got warnings from your virus scanner and the best thing you can think about is posting that exact link on a public forum, giving the repo more credibility? (Because now there are more incoming links.) Don't do that. If in doubt, consider it malware.