Lack of activities on github can reveal what was planned for a project, that's true but not always, projects can still turned scam even if their github is active, some projects appeared to be so legit enough to fool anyone, they keep github active to fool people who belief that active github means something good, Scammers have different set of levels
Not all people are tech gurus and my topic only gives a tutorial to quickly glance at Github for checking activity of project developers. If you are not a tech guru, you can not assess quality of developers' works.
It is given that every time there is a successful project there will be a clone of it no need to look on github the Anne threat shows it all even the white paper sometime is a copy-paste with a little revision on it, some scam project will be too lazy to even make a presentable website most of them will just use what it is already on it and add a little text on it, Defi or not has the potential to be a scam.
Smart scam teams know how to make an interesting and beautiful whitepaper and don't plagiarise. You are right that most of scam projects have plagiarised whitepapers but it is not always true.
It is basic to say "Don't trust on anything that claims to good to be true". If you are still curious and have time to investigate, do more on ANN thread, Github and so on.