@[email protected] that was a thing a few years ago. people were making pull requests to popular repos with a crypto miner action. i heard it was quite profitable, and that some people were making thousands of dollars on that. github even had to start requiring members of repo to manually allow running the actions for new contributors. now its mostly patched afaik - they detect miners by their patterns and network activity and such, so its no longer a thing really. and generally anti-fraud on github is much stronger these days.