Skill v1.0.0
ClawScan security
Auto Bounty Hunter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 15, 2026, 3:16 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description promises fully automated GitHub claiming and PR submission, but the shipped files omit the core evaluation and submission components and do not declare the GitHub credentials or CLI dependencies the code actually requires.
- Guidance: This skill is inconsistent and should be treated cautiously. Key issues: (1) The code uses the GitHub CLI (gh) and jq and needs a GitHub-authenticated account to comment, claim, and create PRs, but the registry declares no required binaries or credentials, so running it as-is will either fail or rely on preconfigured local credentials you did not intend it to use. (2) SKILL.md promises full automation (claiming and submitting PRs), but the package is missing evaluator.sh and any PR-submission code; the implementation is incomplete. Before installing or running:
  - Do not schedule cron or enable autonomous runs until you have reviewed and tested the scripts thoroughly.
  - Keep DRY_RUN=true and AUTO_CLAIM=false while auditing.
  - Verify the presence and provenance of gh and jq on the host; prefer installing them manually from official sources.
  - Use a disposable or limited-scope GitHub account/token for testing (least privilege).
  - Inspect or request the missing evaluator.sh and submission code to confirm what it would post to issues and PRs.
  - Consider the ethical and platform-policy implications: automated claiming and submitting across other people's repositories can violate contribution policies or be treated as abusive.
  If the author cannot explain the missing pieces and properly declare the required credentials and binaries, do not run it.
Review Dimensions
- Purpose & Capability (concern): The skill claims to fully automate discovery, claiming, and PR submission on GitHub. The scripts use the GitHub CLI (gh) and jq and need an authenticated GitHub identity to comment, claim, and create PRs, yet the registry metadata declares no required binaries or credentials. That mismatch (no GH token, gh, or jq declared) is incoherent with the stated purpose.
- Instruction Scope (concern): SKILL.md instructs the user to run the automation and to set up cron so the script runs continuously, and it describes auto-claim/auto-submit behaviors. The actual code (bounty_hunter.sh and tracker.sh) implements scanning, evaluation scaffolding, and queueing, but there is no evaluator.sh and no submission/PR-creation implementation in the provided files, so the instructions promise actions the code does not perform. The scripts also call gh to inspect repos and PRs and could comment or claim (if submission code were present), an externally visible operation that requires explicit credential handling that is not declared.
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes supply-chain install risk. However, the scripts rely on external binaries (gh, jq) and assume they are present and authenticated; those dependencies are not declared in the registry metadata or in SKILL.md. That omission is a practical installation and operation gap the user must close before use.
- Credentials (concern): The scripts require an authenticated GitHub identity (gh uses its local login or GH_TOKEN) to perform claims, comments, and PR operations, but the skill declares no required environment variables or primary credential. Requiring GitHub credentials is proportionate to the purpose, but they must be explicitly declared and minimized; the absence of any declared credential is a red flag. The skill also writes data and logs into the user's workspace (queue, history, log), which is expected but worth noting.
- Persistence & Privilege (note): The skill is not marked always:true. It can be invoked autonomously (platform default). Autonomous invocation plus the ability to perform external actions (comment, claim, or open PRs on GitHub) increases the blast radius if the missing credential handling or the automation toggles are misconfigured; weigh that together with the other inconsistencies before enabling autonomous runs or cron scheduling.
