I wouldn't say he's scammer, unless he find critical vulnerability on Bitcoin Core to execute arbitrary script when you load the wallet. But obviously it's very unlikely. It would makes sense if people accuse him as troll who enjoy other people wasting their time/resource.
Yes, or it could be a valid wallet.dat but encrypted with a very strong password in bitcoin core (for ex more than 20 random chars).
the proprietary can sold him claiming that the password is accessible with few resources but it fact it is waste of time