GitHunt
PassAudited by ClawScan on May 1, 2026.
Overview
GitHunt is a coherent recruiting/search skill that sends user-specified GitHub search criteria to githunt.ai and returns ranked developer profile/contact data, with no credential use or persistence shown.
This skill appears safe for its stated purpose. Before installing, be aware that it queries a third-party GitHunt API and may return developer contact details for recruiting use; use it consistently with applicable privacy, platform, and outreach rules.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your location, role, and skill search terms may be sent to githunt.ai to retrieve ranked GitHub profiles.
The helper script sends the user’s search parameters to the GitHunt API. This is expected for a developer-search skill, but it means search criteria are shared with an external service.
curl -s -N -X POST "$API_URL/rank/users/stream" ... -d "$payload"
Use the skill only for searches you are comfortable sending to the GitHunt service, and review the service’s terms/privacy practices if that matters for your workflow.
The helper script may fail or behave differently if required local tools are unavailable, but no hidden installation or remote code execution is shown.
The included helper script depends on local command-line tools such as curl and jq, while the registry requirements list no required binaries. This appears to be an under-declared but purpose-aligned helper dependency.
response=$(curl -s -X POST "$API_URL/rank/users" ... --compressed 2>/dev/null) ... jq -r
If using the script rather than the documented curl examples, make sure curl and jq are installed and inspect the script before running it.