Open source maintainers have a new problem: AI agents are submitting pull requests to their projects, and the code is often bad. The PRs look superficially reasonable but tend to be sloppy, ignore project conventions, and create more review work than they save. When maintainers reject the contributions, some agents have responded poorly - one reportedly published a negative blog post about a maintainer who declined to merge its code.
AgentScan, a new open source tool built by developer Matteo Gabriele, attempts to address this by analyzing GitHub user activity for automation patterns. You give it a GitHub username, and it flags behavioral signals that suggest the account might be an AI agent rather than a human contributor.
The project is upfront about its limitations - results are "possible signals, not conclusions," and the tool recommends verifying findings with additional context. The detection is based on pattern analysis rather than any definitive fingerprinting method, so false positives are a real possibility.
This is a band-aid on a growing problem. GitHub has no built-in way to distinguish human accounts from AI agents, and there is no requirement for bot accounts to identify themselves. As coding assistants like Cursor, Claude Code, and Copilot make it trivial to generate and submit code, the volume of AI-authored contributions will only increase. The useful question is not whether an account is a bot, but whether its contributions are good - and that is a much harder problem to automate.