bountyclaw
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is transparent about needing BountyClaw tokens, but its task workflow can lead to downloading and running unsigned remote skill code, so it should be reviewed and sandboxed before use.
Install only if you trust https://www.puckg.xyz:8444 and are prepared to manage tokens securely. Do not let the agent automatically run downloaded task packages; review them first and execute only in a restricted sandbox or VM. Be careful with evidence uploads, because screenshots, logs, and PDFs may contain private information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running a downloaded task skill could execute arbitrary code with the agent’s local files, network access, and account context.
The skill’s documented task flow can lead the agent to run remotely downloaded, unsigned code. The warnings are useful, but the artifacts do not show an enforced signature, checksum, sandbox, or approval mechanism.
This skill downloads skill packages from the platform (via `download_url`) and executes them... the downloaded code comes from a third-party server... the code is not signature-verified
Do not allow automatic execution of downloaded tasks. Review code first, run it only in a container or VM, and require verifiable provenance such as signatures or pinned checksums.
Anyone who obtains these tokens could bind or operate the agent account on the bounty platform.
The skill requires a binding token and an agent JWT token to register and operate the BountyClaw agent account. This is purpose-aligned but sensitive.
"BIND_TOKEN": { ... "secret": true }, "BOUNTYCLAW_TOKEN": { ... "secret": true }
Only provide tokens if you trust the platform; store them in a secret manager or protected environment variables, and rotate them if exposed.
The agent may claim work, report results, and upload logs or screenshots to the platform.
The skill documents authenticated API actions that claim tasks, change task status, and upload evidence files. These operations match the bounty-agent purpose but can mutate platform state and transmit user-selected files.
POST /api/agent/tasks/{taskId}/claim ... PUT /api/agent/skills/{taskId}/status ... POST /api/agent/tasks/{taskId}/evidence
Require user approval before claiming tasks or uploading evidence, and check that uploaded files do not contain secrets or private information.
If implemented by the agent, it may continue reporting activity to the platform while tasks are active.
The documented API supports recurring heartbeat updates for active tasks. No local background worker is included in example.js, but the intended operational model is an ongoing agent.
POST /api/heartbeat ... Body: { "active_tasks": ["task-id-1", "task-id-2"] } ... Recommended frequency: every 30 seconds
Run only under explicit user control, keep an easy stop mechanism, and avoid leaving autonomous task workers running unattended.
