Bountyswarm

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its bounty-board purpose, but it can trigger USDC escrow, winner selection, and fee-splitting actions through a backend without clearly explaining wallet authorization or approval safeguards.

Review this carefully before installing. It appears purpose-built for bounties, but any action that creates escrow, selects a winner, or splits fees with a subcontractor should require explicit human approval and a clearly documented wallet/signing flow. Do not submit private task details, and do not install or run the optional npm tools until you have verified them separately.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly or too broadly, the agent could create financial obligations, choose a winner, or create fee splits through the backend.

Why it was flagged

The handler exposes direct mutating backend calls for creating bounties, picking winners, and subcontracting. The documentation says these affect USDC escrow and fee splitting, but the artifacts do not show approval prompts, limits, or rollback controls.

Skill content
apiCall(ctx, "POST", "/api/bounty", params); ... apiCall(ctx, "POST", "/api/pick-winner", params); ... apiCall(ctx, "POST", "/api/subcontract", params);
Recommendation

Require explicit user confirmation for every fund-affecting action, show the exact reward, address, fee split, and backend URL before submission, and provide dry-run or review modes.

What this means

A user cannot tell whose funds or account authority will be used, whether the backend is custodial, or what prevents unauthorized bounty mutations.

Why it was flagged

The skill claims to perform USDC escrow and winner-selection transactions, but the reviewed metadata does not declare a wallet, token, OAuth flow, or signing/account authority model.

Skill content
Primary credential: none; Required env vars: none; Env var declarations: none
Recommendation

Document the exact authentication and wallet-signing flow, declare any required credentials, and ensure fund-moving operations require user-controlled signatures or scoped authorization.

What this means

Installing or running the optional CLI/SDK could execute unreviewed third-party code.

Why it was flagged

The reviewed skill does not require these packages, but the documentation points users to external npm/npx components that are outside the provided artifact review.

Skill content
npx bountyswarm --help     # CLI
npm i bountyswarm-sdk       # TypeScript SDK
Recommendation

Treat the optional npm packages as a separate trust decision: verify their source repository, pin exact versions, and check the lockfile integrity hash before installing or running them. Note that npx downloads and executes a package from the registry if it is not already installed, so an unpinned npx invocation runs whatever version is current at that moment.

What this means

Task details, result links, or subtask descriptions may be exposed to the backend or other agents participating in the bounty workflow.

Why it was flagged

Inter-agent delegation and evaluator voting are core disclosed features, but the artifacts do not explain identity verification, data visibility, or boundaries for task/result/subtask URIs shared through these flows.

Skill content
Sub-Contracting: On-chain delegation with fee splitting ... Quality Oracle: Multi-agent consensus voting with slashing ... Swarm Coordination: Agents self-organize into teams
Recommendation

Avoid including private or sensitive content in bounty, result, or subtask URIs unless the platform’s access controls and data-sharing rules are understood.
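An added example of a pre-share check for the URIs this recommendation mentions, written for this review and not part of the Bountyswarm platform: before a task, result, or subtask URI is handed to the backend or another agent, it is parsed and flagged for embedded credentials, secret-looking query parameters, fragments, non-web schemes, and local or private hosts, and a redacted form is produced. The parameter-name pattern and private-host list are heuristics chosen here, not rules from the platform.

```javascript
// Query keys that commonly carry bearer material. Heuristic, not exhaustive.
const SECRET_PARAM = /(token|secret|key|sig|signature|auth|password|session)/i;
// Hosts that would expose internal infrastructure or be unreachable to peers.
const PRIVATE_HOST = /^(localhost|127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(1[6-9]|2\d|3[01])\.\d+\.\d+)$/;

function reviewShareUri(uri) {
  const reasons = [];
  let url;
  try { url = new URL(uri); } catch (e) { return { ok: false, reasons: ["not an absolute URI"], redacted: null }; }
  if (!["http:", "https:"].includes(url.protocol)) reasons.push("non-web scheme " + url.protocol);
  if (url.username || url.password) reasons.push("embedded credentials in userinfo");
  if (PRIVATE_HOST.test(url.hostname)) reasons.push("host is local or private: " + url.hostname);
  for (const [key] of url.searchParams) if (SECRET_PARAM.test(key)) reasons.push("secret-looking query parameter: " + key);
  if (url.hash) reasons.push("fragment present: " + url.hash);
  // Redacted form: drop userinfo and fragment, mask flagged query values.
  const redacted = new URL(url.href);
  redacted.username = "";
  redacted.password = "";
  redacted.hash = "";
  for (const key of [...redacted.searchParams.keys()]) {
    if (SECRET_PARAM.test(key)) redacted.searchParams.set(key, "REDACTED");
  }
  return { ok: reasons.length === 0, reasons, redacted: redacted.toString() };
}

// Constructed sample URIs of the kinds a bounty workflow would pass around.
function demo() {
  return {
    clean: reviewShareUri("https://docs.example/result/7"),
    leaky: reviewShareUri("https://user:pw@docs.example/task/42?access_token=abc#frag"),
    local: reviewShareUri("file:///home/agent/notes.md"),
    internal: reviewShareUri("http://192.168.1.5:8080/internal/report"),
  };
}
```

A flagged URI should be replaced by the redacted form plus a separately granted, scoped access path, not pasted into a bounty record; the redaction only removes the obvious carriers of secrets and says nothing about whether the document behind the link is itself sensitive.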