One solution is to have a screensharing call with the contributor and have them explain their patch. We have already caught a couple of scammers who were applying for a FOSS internship this way. If they have not yet submitted anything non-trivial, they could showcase personal projects in the same way.
FOSS has turned into an exercise in scammer hunting.
I'm not sure if I follow. Are the PRs legitimate and just being made to buff their resume, or are the PRs malicious?