hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity

This recent project built on top of openclaw demonstrates how a bad actor could automate attacks on open source repositories using agents to submit malicious pull requests. Open source maintainers are already under attack and feeling the pressure from a huge rise in the number of slop submissions. In their stretched capacity they may accidentally let something through. We are talking about the automation of developer-led attacks similar to the one carried out on xz a couple of years ago, but automated and at large scale.

In my opinion this does not bode well for open source development or indeed software supply chains in general. Like Matt Taggart on Mastodon, I worry that progress in this direction will lead to a dark forest web where development is carried out in isolated silos and nobody puts their head above the parapet.