Open source maintainers drowning in low-quality, AI-generated pull requests finally have a new weapon. Slopper, a GitHub Action created by developer malvads, scores every PR from 0 to 10 using six heuristic signals and contributor profiling—all without making a single API call to detect machine-generated code.
How It Works
Slopper analyzes pull requests using behavioral fingerprints rather than direct AI detection. The system tracks comment density, slop vocabulary patterns, verbose identifiers, docstring bloat, boilerplate ratios, and structural patterns common in LLM output. This approach means zero ongoing costs for maintainers while still catching the telltale signs of spray-and-pray contributors firing off AI-generated PRs across dozens of repositories.
The tool goes beyond just analyzing code content—it profiles entire contributor histories. Account age, PR volume, merge ratios, and cross-repo activity all feed into a "spray score" designed to flag accounts that shotgun low-quality contributions across the ecosystem. New accounts under 30 days old or those pushing more than 10 PRs within a week get automatically labeled as risky.
Community Blocklist and Maintainer Commands
Slopper maintains a community-driven blocklist of known slop accounts, fetched at runtime from a shared source. Maintainers can permanently ban offenders by commenting /slopper report on any PR—this closes the pull request and adds the user to the repo's local .slopper banned list. Conversely, trusted contributors can be whitelisted with /slopper vouch, skipping all analysis for their future submissions.
Configurable Actions and Thresholds
The tool supports auto-close, auto-approve, or automatic review requests based on configurable risk thresholds. Default settings trigger medium-risk alerts at a score of 5 and critical flags at 8, but maintainers can tune these values in the .slopper configuration file. The system integrates with five AI providers—OpenAI, Anthropic, Vertex AI, Groq, and Gemini—for optional enhanced analysis when teams want deeper insights.
Label Taxonomy
Slopper applies deterministic labels that never require AI judgment calls. Risk levels (low through critical) are based on score thresholds, while specific flags mark likely AI-generated content (fingerprint >= 70), spray-and-pray behavior (spray score > 60), new accounts, activity bursts, CI/CD modifications, and dependency changes.
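
The labeling rules above and the contributor rules under "How It Works", written out as an added Python sketch; this is not Slopper's code. The constant names, label strings, and the sliding-window reading of "within a week" are assumptions; only the numeric thresholds come from the article.

```python
from datetime import datetime, timedelta, timezone

# Thresholds quoted in the article; constant and label names are hypothetical.
MEDIUM_AT, CRITICAL_AT = 5, 8          # risk score on the 0-10 scale
AI_FINGERPRINT_MIN = 70                # flag when fingerprint >= 70
SPRAY_SCORE_OVER = 60                  # flag when spray score > 60
NEW_ACCOUNT_DAYS = 30                  # flag accounts under 30 days old
BURST_OVER, BURST_WINDOW = 10, timedelta(days=7)  # more than 10 PRs in a week


def max_prs_in_window(opened_at, window=BURST_WINDOW):
    """Largest number of PRs opened inside any sliding window of that length."""
    times = sorted(opened_at)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:  # drop PRs that fell out of the window
            start += 1
        best = max(best, end - start + 1)
    return best


def labels_for(score, fingerprint, spray, account_created, pr_opened_at, now):
    """Map numeric signals to labels; the same inputs always give the same labels."""
    # The article gives no cut-off for the level between medium and critical,
    # so that band is folded into "medium" here.
    if score >= CRITICAL_AT:
        labels = {"risk:critical"}
    elif score >= MEDIUM_AT:
        labels = {"risk:medium"}
    else:
        labels = {"risk:low"}
    if fingerprint >= AI_FINGERPRINT_MIN:
        labels.add("ai-likely")
    if spray > SPRAY_SCORE_OVER:
        labels.add("spray-and-pray")
    if now - account_created < timedelta(days=NEW_ACCOUNT_DAYS):
        labels.add("new-account")
    if max_prs_in_window(pr_opened_at) > BURST_OVER:
        labels.add("activity-burst")
    return sorted(labels)


# Constructed sample: a 21-day-old account that opened 11 PRs in 11 hours.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)
CREATED = NOW - timedelta(days=21)
BURST = [NOW - timedelta(days=3, hours=h) for h in range(11)]

if __name__ == "__main__":
    print(labels_for(8, 70, 60, CREATED, BURST, NOW))
```

A spray score of exactly 60 does not trip the flag while a fingerprint of exactly 70 does, which is the kind of boundary behavior worth checking when tuning thresholds.
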
Key Takeaways
- Zero API costs for heuristic-based detection make it accessible to any project budget
- Contributor profiling across GitHub catches coordinated spam campaigns hitting multiple repos
- Community blocklist means one project's ban protects the entire ecosystem
- Deterministic labels avoid AI picking its own classification criteria
The Bottom Line
This is exactly what the open source community needed—pragmatic tooling that acknowledges the AI slop problem without requiring expensive subscriptions or privacy-invasive API calls. Slopper won't catch everything, but it's a solid first line of defense for maintainers who are tired of wading through machine-generated garbage to find real contributions.