I've seen a lot of maintainers complaining about being flooded with AI-generated PRs from people who don't even run the code locally. I built this to help filter the noise.
It doesn't use AI to scan code (which is unreliable and prone to false positives). Instead, it uses GitHub's API to check for behavioral "smoke signals": if a PR was submitted impossibly fast after a fork, or if the user is shotgunning PRs across dozens of unrelated repos. It leaves a triage report so the maintainer knows what they can safely ignore.
"Green: account older than 1 year — senior devs making first OSS contributions shouldn't be flagged" - this makes old accounts more valuable, suggesting account takeovers to flag accounts as valuable.
That's a fair point. Right now the logic assumes age equals trust, which is obviously a bit of a leap. It also has the side effect of flagging a real person who just created an account to make a legit contribution.
The goal here was just to catch the obvious burner accounts created yesterday. How would you handle this verification instead? Or would you just not use account age at all as an indicator? I'd love to make the logic more robust.
It doesn't use AI to scan code (which is unreliable and prone to false positives). Instead, it uses GitHub's API to check for behavioral "smoke signals": if a PR was submitted impossibly fast after a fork, or if the user is shotgunning PRs across dozens of unrelated repos. It leaves a triage report so the maintainer knows what they can safely ignore.