ClawHub

GitHub Bounty Finder AI

v1.0.0

Generates a step-by-step plan to fix a GitHub issue based on its title and description for developers and contributors.

0· 163·1 current·1 all-time
by@jinjin2024ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's functionality (create a fix plan from an issue title/description) is consistent with the code and SKILL.md. Minor inconsistency: the top-level name provided to you ('GitHub Bounty Finder AI') differs from skill.json's name ('GitHub Issue Fix Planner'). No requested env vars, binaries, or unrelated permissions are present.
Instruction Scope
SKILL.md instructs the agent to generate a structured plan from issue_title and issue_description. main.py implements this directly. The instructions and code do not access files, environment variables, network endpoints, or other system state beyond the provided inputs.
Install Mechanism
No install spec; requirements.txt is empty. The skill is instruction/code-only and does not pull external packages or download executables.
Credentials
The skill requests no environment variables or credentials, which is proportionate. One user-facing note: the implementation includes the issue_description verbatim in the returned plan — if that description contains secrets (API keys, credentials, sensitive code), the skill will echo them back.
Persistence & Privilege
always is false and the skill does not request persistent/system-level privileges, nor does it modify other skills or system config. Autonomous invocation is allowed by default (normal) but not combined with other risky behaviors.
Assessment
This skill is small and internally consistent: it takes an issue title and description and returns a human-readable step-by-step fix plan. It does not contact external servers, request credentials, or install software. Before installing, consider: (1) the published metadata has no homepage or known source — verify you trust the owner or inspect the code (main.py is short and readable); (2) the skill will echo the full issue_description into its output, so do not feed it issues that contain secrets or sensitive data; (3) the displayed name mismatch (presented name vs skill.json name) may be an authoring oversight — confirm you intended to install this exact skill. If those points are acceptable, risk is low.

Like a lobster shell, security has layers — review code before you run it.

github bounty ai developer automationvk97ev8nc0mprj6txhcj9asxx7982rx4elatestvk97ev8nc0mprj6txhcj9asxx7982rx4e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments