Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RustChain Bounty Hunter-v2-1
v1.0.0Automates RustChain bounty hunting by coding, testing, and preparing PRs for low-competition issues with full test coverage and bonus claims.
⭐ 0· 69·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims end-to-end bounty work including pushing to your fork, preparing PRs, and claiming bonus RTC (on-chain rewards). Those actions normally require git and GitHub credentials (or GH CLI), plus possibly wallet/private keys for claiming tokens. Yet the skill declares no required binaries, environment variables, or config paths. That mismatch suggests the skill is omitting critical capabilities/requirements.
Instruction Scope
SKILL.md is high-level and open-ended: it instructs the agent to 'handle coding, testing, pushing to your fork, and prepare the PR' but provides no concrete operational limits (which repos, what auth, where tests run). The agent would need to read and modify repository files and potentially use a wallet to claim rewards; those data access steps are not constrained or documented, granting broad discretion that could be abused or cause accidental exposure.
Install Mechanism
Instruction-only skill with no install spec or code files. This minimizes on-disk installation risk because nothing is downloaded or written by the skill itself.
Credentials
No environment variables, credentials, or config paths are declared, yet the described functionality implies the need for: a GitHub token (repo write / push / PR), git/GH CLI binary access, and potentially private keys/wallet credentials to claim RTC. The absence of declared credentials is disproportionate and unexplained.
Persistence & Privilege
always is false (good). The skill allows normal autonomous invocation (platform default). Combined with the other concerns (silent credential needs and broad file/repo access), autonomous invocation could increase risk, but by itself the persistence/privilege settings are not the primary issue.
What to consider before installing
This skill is missing critical, expected details for its claimed actions. Before installing or using it:
- Don’t hand over high-privilege credentials (GitHub tokens with broad repo write access or any private keys/wallet seeds). If you must provide a token, create a scoped, short-lived token limited to a single fork and repository and prefer read-only where possible.
- Ask the author how the skill authenticates and what exact permissions it needs (git/GH CLI? OAuth flow? repo scope? wallet signing?). Require a clear list of required env vars and binaries.
- Demand transparency: request examples of the exact commands it will run, where tests execute, and how it prepares PRs (drafts only? pushes to a fork?). Prefer an approach where the agent prepares a local branch/patch that you review and push yourself.
- Avoid providing private keys or wallet seeds. For claiming on-chain rewards, prefer a manual signing workflow or use a hardware wallet/transaction relay you control.
- Test in a sandbox/fork with no valuable access first. Review all diffs produced by the skill before merging or pushing to main repos.
- If you want a stronger assurance, ask the publisher for source code or a reproducible runbook so an auditor can verify there is no hidden exfiltration or undisclosed network calls.
Given the inconsistencies, treat this skill as untrusted until the author documents exactly how repository and on-chain interactions are performed and which credentials are required.Like a lobster shell, security has layers — review code before you run it.
latestvk97c8wjsh108es0t31ht36r88x83dm32
License
MIT-0
Free to use, modify, and redistribute. No attribution required.