Public GitHub repositories that claim to offer license keys often serve as a "safe harbor" for malicious content.