This is scary. I always reject PRs from bots. The idea of auto-merging code would never enter my head.

I think dependency audit tools like Snyk should flag any repo which uses auto-merging of code as a vulnerability. I don't want to use such tools as a dependency for my library.

This is incredibly dangerous and neglectful.

This is apocalyptic. I'm starting to understand the problem with OpenClaw though... In this case it seems it was a git hook which is publicly visible but in the near future, people are going through be auto-merging with OpenClaw and nobody would know that a specific repo is auto-merged and the author can always claim plausible deniability.

Actually I've been thinking a lot about AI and while brainstorming impacts, the term 'Plausible deniability' kept coming back from many different angles. I was thinking about impact of AI videos for example. This is an angle I hadn't thought about but quite obvious. We're heading towards lawlessness because anyone can claim that their agents did something on their behalf without their approval.

All the open source licenses are "Use software at your own risk" so developers are immune from the consequences of their neglect.