Bounty Automation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill does what its bounty-automation description says, but the installer enables recurring jobs that can act through your accounts: claim work, modify repositories, open PRs, post payment details in PR comments, and send task data to a QQ contact, none of it behind a per-action approval.

Install only if you intentionally want unattended bounty automation operating through your GitHub/OpenTask accounts. Before running it, replace or remove hardcoded QQ and payment values, back up existing OpenClaw cron jobs, restrict token scopes, disable write/PR actions by default, and require manual approval for each claim, push, PR, and payment disclosure.
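The pre-install steps above (strip hardcoded payment and QQ values, review what each cron payload instructs, keep write and PR actions denied unless approved) can be turned into a check that runs before anything is installed. The following is an added example written for this page, not code from the skill, from OpenClaw, or from SkillSpector. The file names, the sample skill text (a constructed paraphrase of what the findings describe, not copied from the skill) and the regex heuristics for QQ numbers, PayPal addresses and USDT/EVM addresses are all assumptions; the default-deny gate shows the shape of the per-action approval the overview asks for.

```python
"""Pre-install audit for an agent skill's files (hypothetical helper, not part of
the skill or of any scanner). It looks for the two things the findings flag:
hardcoded payment/contact identifiers, and scheduled payloads that instruct the
agent to perform write or outbound actions without an approval gate."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of skill material: a README-style note plus one cron payload.
# The wording paraphrases what the findings describe; it is not copied from the skill.
SAMPLE_FILES: Dict[str, str] = {
    "SKILL.md": (
        "Bounty automation. Set OPENTASK_TOKEN and GITHUB_TOKEN.\n"
        "Payment: paypal payouts@example.com\n"
        "USDT (TRC20): TFakeAddressForAuditDemoDummyXXXXX\n"
    ),
    "cron/bounty.txt": (
        "Every 30 minutes: scan OpenTask for new bounties, claim any you can solve,\n"
        "implement the fix, push commits, open a PR, add the PayPal/USDT payment\n"
        "details as a PR comment, then notify QQ 1234567890 with the task details.\n"
    ),
}

# Heuristic identifier patterns (assumptions: QQ numbers are 5-11 digits, TRC20
# addresses are 'T' + 33 base58 chars, EVM addresses are 0x + 40 hex chars).
IDENTIFIER_PATTERNS: Dict[str, re.Pattern] = {
    "qq_number": re.compile(r"\bQQ\b\D{0,20}(\d{5,11})\b", re.I),
    "paypal_email": re.compile(r"paypal\W{0,20}([\w.+-]+@[\w-]+(?:\.[\w-]+)+)", re.I),
    "usdt_trc20": re.compile(r"\bT[1-9A-HJ-NP-Za-km-z]{33}\b"),
    "evm_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

# Instructions that produce remote side effects; each one should need approval.
WRITE_ACTION_PATTERNS: Dict[str, re.Pattern] = {
    "claim_task": re.compile(r"\bclaim\b", re.I),
    "git_push": re.compile(r"\bpush(es|ed|ing)?\b", re.I),
    "open_pr": re.compile(r"\b(open|create|submit)\b[^.\n]{0,30}\b(pr|pull request)s?\b", re.I),
    "payment_disclosure": re.compile(r"\b(payment|paypal|usdt)\b[^.\n]{0,60}\bcomment\b", re.I),
    "outbound_notify": re.compile(r"\b(notify|send|post)\b[^.\n]{0,40}\bqq\b", re.I),
}


def _flat(text: str) -> str:
    """Collapse line breaks so an instruction split across lines still matches."""
    return " ".join(text.split())


def find_identifiers(files: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (path, kind, value) for every hardcoded identifier found."""
    hits = []
    for path, text in files.items():
        flat = _flat(text)
        for kind, pat in IDENTIFIER_PATTERNS.items():
            for m in pat.finditer(flat):
                value = m.group(1) if m.groups() else m.group(0)
                hits.append((path, kind, value))
    return hits


def find_write_actions(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each file to the write/outbound actions its payload instructs."""
    result = {}
    for path, text in files.items():
        flat = _flat(text)
        actions = [name for name, pat in WRITE_ACTION_PATTERNS.items() if pat.search(flat)]
        if actions:
            result[path] = actions
    return result


def gate(actions: List[str], approved: Set[str]) -> Dict[str, str]:
    """Default-deny policy: a write action runs only if the operator approved it by name."""
    return {a: ("allow" if a in approved else "deny") for a in actions}


def audit(files: Dict[str, str]) -> Dict[str, object]:
    """Combine both checks; install_ok is True only when nothing was flagged."""
    identifiers = find_identifiers(files)
    actions = find_write_actions(files)
    return {
        "identifiers": identifiers,
        "write_actions": actions,
        "install_ok": not identifiers and not actions,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_FILES)
    for path, kind, value in report["identifiers"]:
        print(f"hardcoded {kind} in {path}: {value}")
    for path, names in report["write_actions"].items():
        print(f"{path} instructs: {', '.join(names)}")
    # With an empty approval set every scheduled write action is denied.
    print("decision:", gate(report["write_actions"].get("cron/bounty.txt", []), set()))
```

To use it against a real skill, load the unpacked skill directory into the dict in place of SAMPLE_FILES; anything reported under identifiers is a value to remove or replace before install, and anything under write_actions is a step that should stay denied until an operator approves it by name on each run.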

SkillSpector (7 findings)

By NVIDIA

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding
The skill documents automatic claim, implementation, push, and PR submission, but it never clearly warns that it will modify local repositories and create remote changes under the user's account. In an agent setting, hidden write actions are risky because, if triggered unintentionally, they can produce unauthorized commits, spam PRs, and reputational or account damage.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding
The documentation instructs users to store OpenTask and GitHub tokens and describes the automated actions performed with them, but it does not warn about the sensitivity of those credentials or the consequences of misuse. An exposed or overprivileged token could be used to place bids, modify repositories, push code, or impersonate the user across both platforms.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding
The guide defines a fully automated workflow that scans, claims, modifies repositories, pushes commits, and opens pull requests with no explicit approval gate and no warning about remote side effects. In an agent skill context that amounts to authorizing autonomous code changes against third-party repositories, which can lead to unauthorized modifications, accidental spam PRs, or abuse of the stored credentials.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding
The cron payload instructs the agent to add payment and PayPal/USDT details to PR comments, so personal financial and contact information is transmitted to external platforms by default. That is a privacy and doxxing risk; in an automated pipeline it may disclose the data more widely than intended and attach it permanently to public repositories.

Missing User Warnings
Severity: Medium
Confidence: 97%
Finding
The skill materials hardcode cryptocurrency and PayPal payment identifiers, which risks accidental disclosure, reuse, and indexing if the repository is shared or made public. Because the automation is also meant to propagate those values into PR comments, the exposure is amplified and attribution or targeted abuse becomes easier.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding
The installer adds cron jobs that direct an agent to scan for bounties, modify repositories, push commits, and create PRs on a recurring schedule. These repository-modifying actions are enabled by default, and the installer provides no consent gate, scope restriction, or review step, so a user can unknowingly deploy autonomous code-changing behavior that affects linked accounts and repositories.

Ssd 3
Severity: Medium
Confidence: 82%
Finding
The cron payload instructs the agent to read task metadata and send the resulting details to a QQ target, which creates an automated exfiltration path from local task files and issue/PR context into an external messaging channel. The danger is elevated here because the skill is expressly designed for unattended multi-platform bounty automation: the disclosure repeats on every run without human review and may leak private issue contents, repository details, or operational metadata.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
