Github Bounty Hunter
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is designed to run autonomously and post bounty applications from your GitHub account, with weak scoping, under-declared credentials, and payment-related ambiguity.
Do not run this unattended as-is. Review the code, remove or replace the default wallet address, verify which GitHub account gh is using, restrict the repositories it may touch, and require manual approval before any public comment or bounty application.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your GitHub account could publicly apply or comment on bounty issues automatically, which may look like spam and could affect your reputation or account standing.
The script is built to decide when to apply and then post a public GitHub issue comment through the user's gh account, with no per-bounty approval, repository allowlist, or dry-run default.
if self.should_apply(bounty): ... self.apply_to_bounty(bounty) ... ["gh", "issue", "comment", issue_number, "--repo", repo, "--body", f"/apply\n\n{proposal}"]
Require explicit user approval before each comment, add a dry-run mode by default, restrict allowed repositories, and set clear daily or per-run action limits.
The skill may use whatever GitHub account and token are already configured locally, without making the required account permissions or token scope clear.
The registry contract does not declare a credential, while the skill documentation requires a GitHub token and the code uses gh to act as the authenticated user.
Primary credential: none; Required env vars: none
Declare GitHub authentication in metadata, document the minimum token scopes, and warn users that actions are performed under their GitHub identity.
If left running, it can continue searching and attempting bounty actions beyond the user's immediate supervision.
After the user starts it, the script is designed to keep scanning on an interval indefinitely rather than performing one bounded task.
while True: ... time.sleep(self.config["check_interval"] * 60)
Add a bounded run mode, maximum runtime, maximum applications per run, and clear stop instructions before enabling any automatic posting.
A user could mistakenly rely on a bundled wallet value when configuring bounty payments, especially because the skill markets wallet/payment handling.
A concrete default wallet address appears in a package that advertises payment tracking and wallet management, creating payment-direction ambiguity unless users notice and replace it.
"wallet_address": "XKOe14f180561c42b1bd7b2e534b4c2e84360665da8"
Remove the default wallet address or replace it with an obvious placeholder, and require users to explicitly configure their own payment details.
Setup may rely on untracked local tooling or undocumented user steps, making it harder to know exactly what will run and under which account.
The skill claims a required CLI will be auto-installed, but the provided install spec declares no install mechanism and the package metadata does not list required binaries.
`gh` CLI (auto-installed if missing)
Declare required binaries in metadata and document installation clearly; avoid claiming auto-install behavior unless the reviewed artifacts implement it safely.
