I’ve seen a few of these – malicious repos to clone, fake call links that prompt for “driver” downloads, and so on.

The only way around it is to be hyper-vigilant if anyone asks you to run any untrusted code on your computer.