One solution is to have a screensharing call with the contributor and have them explain their patch. We have already caught a couple of scammers who were applying for a FOSS internship this way. If they have not yet submitted anything non-trivial, they could showcase personal projects in the same way.

FOSS has turned into an exercise in scammer hunting.

▲

swordsith 3 hours ago | parent [-]

I'm not sure if I follow, are the PRs legitimate and they are just being made to buff their resume, or are PRs malicious?

	▲	Fogest an hour ago \| parent [-]
		They are becoming AI slop more and more likely in an attempt to buff their resumes by making it look like they contribute to a bunch of open source. Basically low effort low quality submissions for silly things that just waste maintainers time.