Users of the open‑source assistant framework GasTown have discovered that a default installation runs hidden agents which consume their subscribed LLM credits. The formulas `gastown-release.formula.toml` and `beads-release.formula.toml` automatically scan the maintainer’s GitHub issue tracker and generate pull requests using the local Git credentials. As a result, Claude credits are spent on fixing GasTown itself without the user’s consent. This behavior surfaces during routine model calls.

Investigation by Claude’s own analysis confirmed that the agents, dubbed “polecats,” pick up convoys tracking issues gh‑3638, gh‑3622 and gh‑3641, then submit PRs to steveyegge/gastown. The public README never mentions this behavior, nor offers an opt‑in flag. Users therefore fund upstream development silently, turning personal hobby budgets into a source of free maintenance for the tool’s author. The logs show CI approval pending for one PR.

Community members have called for the covert workflow to be removed from the default package and made explicitly opt‑in. Without clear disclosure, the practice blurs the line between open‑source contribution and unauthorized consumption of paid AI resources. Developers seeking transparency should audit their config files. Until the maintainer changes the formula set, any GasTown deployment will continue to drain credits on its own upkeep.