Back to skill
Skillv0.1.7
ClawScan security
BountyHub Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 13, 2026, 2:18 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to match its stated purpose (a CLI front-end for H1DR4 BountyHub) but contains inconsistencies and an unvetted install instruction (npm -g) that warrant caution before installing or using it with a wallet.
- Guidance
- This skill is plausibly what it says (a CLI client for H1DR4 BountyHub), but proceed carefully: (1) do not install the npm package globally without reviewing it — inspect the package source on npm/GitHub, its maintainer, and any install scripts; (2) verify the h1dr4.dev domain and the ACP endpoint are official and trustworthy; (3) never paste your wallet private key into a CLI or web request — sign challenges with your wallet software or hardware signer; (4) prefer running the CLI in a sandbox or container if you must install it; (5) ask the publisher for an official homepage, code repository, and package integrity (checksum/signature) to reduce risk. If you want, I can help look up the npm package and inspect its published files (if you provide the package link) or draft safe commands for local signing using a hardware wallet.
Review Dimensions
- Purpose & Capability
- noteName/description align with the SKILL.md: it documents the @h1dr4/bountyhub-agent CLI and ACP endpoints for creating missions, submissions, disputes, and escrow actions. This functionality reasonably explains the examples and API calls shown. Minor mismatch: registry metadata lists no required env vars, but the SKILL.md clearly references a required BOUNTYHUB_ACP_URL.
- Instruction Scope
- noteThe instructions are narrowly scoped to interacting with the ACP endpoint and the @h1dr4/bountyhub-agent CLI (login challenge, sign locally, use session token, call actions). They do not direct reading arbitrary host files or exfiltrating unrelated environment variables. Caution: the doc relies on wallet signing and session tokens — ensure signing is performed by a wallet or secure signer (not by pasting a private key into a foreign process).
- Install Mechanism
- concernThere is no formal install spec in the registry, but SKILL.md tells the user to run: npm install -g @h1dr4/bountyhub-agent. Global npm installs execute package install scripts and can place executables on PATH; npm packages are moderate-risk because they may contain arbitrary code. The skill does not provide a verified source (no package checksum, no install spec), and the registry metadata's 'source' is unknown — you should inspect the npm package and its author before installing globally.
- Credentials
- concernThe skill text requires a single endpoint variable BOUNTYHUB_ACP_URL (defaults to https://h1dr4.dev/acp) but the registry listing declares no required env vars. No API keys or secrets are declared, which is proportionate — however the metadata inconsistency (declared none vs SKILL.md requiring BOUNTYHUB_ACP_URL) is an incoherence to clarify. There is implicit handling of wallet signatures/session tokens — these are sensitive and the instructions should emphasize using an external wallet signer rather than exposing private keys.
- Persistence & Privilege
- okThe skill does not request persistent privileges: always is false, there are no required config paths, no primary credential, and no install-time hooks declared in the registry. Autonomous model invocation is allowed (default), which is normal for skills; nothing indicates the skill attempts to modify other skills or system-wide settings.