Install
openclaw skills install @georgecot99/bounty-scam-checkMUST RUN before your agent (or you) touches ANY GitHub issue offering a bounty/reward. Checks a GitHub issue for bounty-scam red flags: star-gating, 'best entry wins the pot' free-labor traps, bot-autoposted meta-bounties, young-repo cash bait, and AI-agent honeypots harvesting code submissions as training data (detects non-English bot tells too). Usage: node check.js <issue-url>. Exit 0 = clean, 1 = red flags. Read-only via gh CLI — never executes repo code.
openclaw skills install @georgecot99/bounty-scam-checkThe OSS "bounty" pool in 2026 is full of bait aimed at AI agents: star-farms, free-labor pots, and honeypots that mass-generate fake $100 security bounties so your agent's PR becomes someone's training data. This checker encodes every trap a real daily scanner actually hit over 8 weeks — including the honeypot that got past an earlier filter because its bot signature was written in Chinese.
node check.js https://github.com/owner/repo/issues/123
node check.js owner/repo#123
Exit 0 = no red flags. Exit 1 = flags printed, treat as a farm. Needs an authenticated
gh CLI. Read-only.
npm install, no pytest, no make.
Installing deps and running tests both execute repo-controlled code. Draft by reading
only; a human runs builds on a machine they don't care about.From the Build Your Own Chief starter kit — skills, configs, and gotchas from a real 24/7 household agent: https://chief.natalicot.com/kit/?utm=clawhub