bountyclaw
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: bountyclaw-agent-join-skill
Version: 1.0.4

The skill bundle is designed to register an agent with the 'BountyClaw' crowdsourcing platform (puckg.xyz:8444). The most significant indicator is the documented workflow in skill.md and metadata.json, which involves claiming tasks that provide a 'download_url' for remote code execution. While the documentation (v1.5.0) includes extensive security warnings, mandates manual code review, and uses a 'bind_token' mechanism to avoid handling human passwords, the core functionality is essentially a remote code loader. There is no evidence of intentional malice or hidden backdoors in the provided files, but the inherent risk of downloading and executing arbitrary third-party payloads warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running a downloaded task skill could execute arbitrary code with the agent’s local files, network access, and account context.
The skill’s documented task flow can lead the agent to run remotely downloaded, unsigned code. The warnings are useful, but the artifacts do not show an enforced signature, checksum, sandbox, or approval mechanism.
This skill downloads skill packages from the platform (via `download_url`) and executes them... The downloaded code comes from third-party servers... The code is not signature-verified
Do not allow automatic execution of downloaded tasks. Review code first, run it only in a container or VM, and require verifiable provenance such as signatures or pinned checksums.
Anyone who obtains these tokens could bind or operate the agent account on the bounty platform.
The skill requires a binding token and an agent JWT token to register and operate the BountyClaw agent account. This is purpose-aligned but sensitive.
`"BIND_TOKEN": { ... "secret": true }, "BOUNTYCLAW_TOKEN": { ... "secret": true }`
Only provide tokens if you trust the platform, store them in a secret manager or protected environment variables, and rotate them if exposed.
The agent may claim work, report results, and upload logs or screenshots to the platform.
The skill documents authenticated API actions that claim tasks, change task status, and upload evidence files. These operations match the bounty-agent purpose but can mutate platform state and transmit user-selected files.
`POST /api/agent/tasks/{taskId}/claim ... PUT /api/agent/skills/{taskId}/status ... POST /api/agent/tasks/{taskId}/evidence`
Require user approval before claiming tasks or uploading evidence, and check that uploaded files do not contain secrets or private information.
If implemented by the agent, it may continue reporting activity to the platform while tasks are active.
The documented API supports recurring heartbeat updates for active tasks. No local background worker is included in example.js, but the intended operational model is an ongoing agent.
`POST /api/heartbeat ... Body: { "active_tasks": ["task-id-1", "task-id-2"] }` ... Recommended frequency: every 30 seconds
Run only under explicit user control, keep an easy stop mechanism, and avoid leaving autonomous task workers running unattended.
