Github Bounty Hunter
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: github-bounty-hunter
Version: 1.0.1

The skill is classified as suspicious due to its autonomous nature and its reliance on the `gh` CLI for interacting with the user's GitHub account. While the `subprocess.run` calls in `bounty_hunter.py` are constructed safely (mitigating direct shell injection), the script operates with high privileges (it requires a GitHub token) to search, comment, and potentially create PRs on behalf of the user. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, backdoors, or harmful prompt injection, but the broad permissions and the continuous execution loop that performs external actions warrant a 'suspicious' classification rather than 'benign'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Your GitHub account could publicly post bounty applications that you did not individually review, risking spam, reputation damage, or platform policy issues.
The script can submit an application comment to GitHub issues through the authenticated GitHub CLI, turning filtered matches into public account actions without a per-bounty confirmation step.
Evidence: "gh", "issue", "comment", issue_number, "--repo", repo, "--body", f"/apply\n\n{proposal}"
Recommendation: Require explicit user approval before every GitHub comment or PR, add a dry-run mode, and restrict targets with repository allowlists and clear rate limits.

The skill may act as you on GitHub, and users may not realize what account permissions are being delegated.
The skill expects access to a GitHub token/account, but the registry metadata declares no primary credential or required environment variables, and the artifacts do not specify least-privilege scopes.
Evidence: - GitHub account with token
Recommendation: Declare the GitHub credential requirement, document minimal token scopes, and recommend using a dedicated low-privilege GitHub account or token.

If run and left unattended, the skill can continue operating for a long time and may keep using your GitHub account outside the immediate task.
The main routine is an unbounded loop that repeatedly scans and can continue taking bounty-related actions every configured interval until interrupted.
Evidence: while True: ... time.sleep(self.config['check_interval'] * 60)
Recommendation: Add a maximum run time or one-shot mode, require scheduled runs to be explicitly configured, and stop after presenting actions for user approval.

A user could misunderstand or reuse a payment address they do not control, creating payment-routing confusion or loss risk.
A money-earning skill that advertises wallet management includes a pre-filled wallet address that is not labeled as a placeholder and is not explained in the docs.
Evidence: "wallet_address": "XKOe14f180561c42b1bd7b2e534b4c2e84360665da8"
Recommendation: Remove the default wallet address, require users to explicitly enter their own address, and clearly document how any payment information is used.

Users may install it without realizing it needs local command execution and authenticated GitHub access.
The registry declarations understate the included runnable Python script and the documented GitHub CLI/token requirements, making the operational footprint less clear at install time.
Evidence: No install spec — this is an instruction-only skill; Required binaries ... none; Primary credential: none
Recommendation: Align metadata with the actual requirements, including Python, the gh CLI, GitHub authentication, and the capabilities to post comments or submit proposals.
