Skill v1.0.0
ClawScan security
Multi-Platform Bounty Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 9:46 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill claims wide multi‑platform scanning and extra features (50+ platforms, Telegram notifications, paid tiers) but the code and instructions only implement a simple GitHub scanner and local file storage — the pieces are inconsistent.
- Guidance
- This skill is coherent enough to run a local GitHub-based bounty scan, but it overpromises features that are not implemented. Before installing or enabling it:
  1. Inspect scanner.js yourself — it only uses the GitHub CLI (gh) and reads/writes ~/.bounty-scanner/*.
  2. Understand that 'gh' network activity will use whatever GitHub auth is configured for your account; there are no declared secrets required by the skill.
  3. Do not expect the advertised 50+ platform support, Telegram notifications, or paid tiers to work — those are documented but not implemented.
  4. If you plan to run it on a schedule, run it first interactively and review the files it writes (seen.json, config.json).
  5. Prefer running in an isolated/sandboxed account or VM if you are uncertain about running third‑party code from an unknown source.
Review Dimensions
- Purpose & Capability
- Concern: The README/SKILL.md promise scanning of 50+ bounty platforms, Telegram notifications, and paid tiers, but scanner.js only implements a GitHub scanner (other platforms return empty results or mocks). The project advertises broad network integrations that are not implemented, which is an incoherent claim-to-capability mismatch.
- Instruction Scope
- Note: Runtime instructions are mostly scoped to running the CLI, adding a cron job, and creating ~/.bounty-scanner/config.json. The scanner reads/writes only ~/.bounty-scanner/{config.json,seen.json} and invokes the GitHub CLI via execSync. There are no instructions to collect unrelated files or credentials, but the SKILL.md/README mention Telegram notifications (chatId) without any code that sends notifications or any declared env var for a Telegram token.
- Install Mechanism
- OK: No install spec (instruction-only), and the suggested manual install (chmod +x, npm link) is conventional. Nothing is downloaded from arbitrary URLs or installed with an untrusted installer. Risk from installation mechanics is low.
- Credentials
- Note: The code only relies on Node.js and the GitHub CLI (gh) and uses process.env.HOME to find its config. No credentials or external tokens are required by the code. However, package.json lists 'gh' as a peerDependency (a misuse — 'gh' is a CLI, not an npm package), and the documentation references Telegram notifications and paid tiers without declaring or using any notification tokens or credentials. Also, since the scanner shells out to 'gh', any GitHub authentication present in the user's environment (gh auth) will be used by the CLI; users should be aware of this.
- Persistence & Privilege
- OK: The skill is not always-enabled and is invoked by the user. It writes persistent state under ~/.bounty-scanner/seen.json and config.json (local user home only). That is expected for a scanner that tracks what it has seen, but users should be aware that it will create and modify files in their HOME directory.
