On the one hand, one Raspberry Pi would not really suffice. As @theherk@lemmy.world argued, you would need legitimate email addresses, which would require either circumventing the antibot measures of providers like Google or setting up your own network of domains and email servers. Besides that, GitHub would (hopefully) notice the barrage of API requests from the same network. To avoid that and make your API requests seem legitimate, you would need infrastructure to spread your requests in time and across networks. You would either build and maintain that infrastructure yourself –which would be expensive for a single star-boosting operation– or, well, pay for the service. That’s why these things exist.

On the other hand, although bad programmers might use these services to star-boost their otherwise mediocre code, as you suggest, there are other –at least conceivable, if not yet proven– use cases, such as:

• the promotion of less secure software as part of supply chain attacks, with organizations sticking to vulnerable libraries or frameworks in the erroneous belief that they are more popular and better maintained than alternatives, for example;
• typosquatting; and
• plain malware distribution.