Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Angus Bounty Hunter

Automated smart contract bug bounty hunting. Scans Immunefi/Code4rena targets with Slither static analysis, triages findings with local LLMs, and generates P...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 425 · 0 current installs · 0 all-time installs
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Description implies automated scanning of Immunefi/Code4rena targets; the included scripts do not query those services or automate target discovery — they require a user-supplied GitHub repo URL. SKILL.md references a poc-template.sh that is not present in the bundle. This mismatch between advertised automation and delivered tooling is an incoherence.
Instruction Scope
scan.sh clones arbitrary repos and runs npm install and pip3 install -r requirements.txt from within the target repo. Installing dependencies from untrusted repositories can execute arbitrary code (npm lifecycle scripts, pip install side effects). triage.sh only talks to a localhost LLM endpoint (127.0.0.1:11434), so there are no obvious remote exfiltration endpoints, but the scripts do run actions that could execute code from the target repository.
Install Mechanism
No install spec (instruction-only) and included scripts are plain shell/Python. Nothing is downloaded by the skill itself during install. Note that runtime behavior triggers package installs from scanned repositories (npm/pip), which is an operational risk but not an installer red flag.
Credentials
The skill does not request credentials or environment variables (only optional BOUNTY_WORKDIR and BOUNTY_OUTPUT). It uses local services (solc-select, slither, optional Ollama) consistent with its purpose; no unrelated secrets are required.
Persistence & Privilege
The skill's always flag is false, and the skill does not attempt to persist or modify other skills or system-wide agent settings. It writes scan outputs to a working directory but does not claim elevated or permanent privileges.
What to consider before installing/using

  • The tool is mostly a wrapper around Slither + local triage scripts, but it does not automate enumerating Immunefi/Code4rena programs — you must supply a repo URL. The SKILL.md mentions a PoC generator (poc-template.sh) that is not included.
  • The scan script runs npm install and pip install inside target repositories. Those commands can run arbitrary code from the repo or its dependencies (npm lifecycle scripts, pip install hooks). Only run scans in isolated environments (ephemeral VM, container, sandbox) and avoid running on repos you don't trust.
  • Verify or remove the npm/pip install steps if you want a safer, dependency-free analysis flow (or vendor/inspect requirements first).
  • The triage step contacts a local Ollama endpoint (127.0.0.1). That is local only (not remote), but ensure your local LLM service is secure and not exposing data inadvertently.
  • Check and possibly change default WORK_DIR (defaults to /tmp/bounty-scans) and OUTPUT_DIR to locations you control; review outputs before sharing.
  • If you need true automation against Immunefi/Code4rena, expect to add authenticated API interactions or scraping logic — this bundle does not perform that.

If you want higher assurance, request a version that omits automatic package installs, includes the missing PoC script, and documents exact network calls and file writes; otherwise treat this as a useful but operationally risky helper and run it only in isolated sandboxes.
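The Instruction Scope finding and the bullets above both come down to one thing: scan.sh installs dependencies from a repository you do not trust, and npm lifecycle hooks or pip source builds can execute code during that install. The following is an added example of the pre-install check a reviewer might put in front of that step; it is not part of the skill or of the ClawHub scan. It lists the npm hooks that would fire, flags requirements lines that fetch code from outside the package index, and emits hardened install commands (npm's real --ignore-scripts flag, pip's real --only-binary=:all: flag). The package.json and requirements.txt contents are constructed samples.

```python
import json
import re

# npm runs these hooks automatically during "npm install" (real npm lifecycle script names).
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Requirement lines that pull code from somewhere other than the configured package index.
PIP_RISKY_PATTERNS = (
    re.compile(r"^-e\s"),                                    # editable install: builds from a checkout
    re.compile(r"^(git|hg|svn|bzr)\+"),                      # VCS URL
    re.compile(r"^https?://"),                               # direct URL download
    re.compile(r"^(-i|--index-url|--extra-index-url|-f|--find-links)(\s|=)"),  # alternate source
    re.compile(r"@\s*(git\+|https?://)"),                    # PEP 508 direct reference
)


def npm_install_hooks(package_json_text):
    """Return {hook_name: command} for every lifecycle hook npm would run on install."""
    data = json.loads(package_json_text)
    scripts = data.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in NPM_INSTALL_HOOKS}


def pip_risky_lines(requirements_text):
    """Return requirement lines that fetch from a VCS, a URL, or an alternate index."""
    risky = []
    for raw in requirements_text.splitlines():
        # pip treats '#' as a comment only at line start or after whitespace,
        # so "#egg=" fragments inside URLs survive this strip.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        if any(p.search(line) for p in PIP_RISKY_PATTERNS):
            risky.append(line)
    return risky


def install_plan(package_json_text=None, requirements_text=None):
    """Build hardened dependency-install commands for a cloned target.

    Returns {"commands": [...], "findings": [...]}; findings explain what was
    neutralised or skipped so the reviewer can see why the plan differs from
    a plain "npm install && pip3 install -r requirements.txt".
    """
    plan = {"commands": [], "findings": []}
    if package_json_text is not None:
        hooks = npm_install_hooks(package_json_text)
        if hooks:
            plan["findings"].append(
                "npm lifecycle hooks would run on install: " + ", ".join(sorted(hooks)))
        # --ignore-scripts still unpacks node_modules (enough for Slither to resolve
        # imports such as @openzeppelin/contracts) but never executes the hooks above.
        plan["commands"].append("npm install --ignore-scripts")
    if requirements_text is not None:
        risky = pip_risky_lines(requirements_text)
        if risky:
            plan["findings"].append(
                "skipping pip install: non-index requirements " + ", ".join(risky))
        else:
            # --only-binary=:all: refuses source distributions, so no setup.py runs.
            plan["commands"].append("pip3 install --only-binary=:all: -r requirements.txt")
    return plan


# Constructed sample inputs standing in for files read from the cloned target repo.
SAMPLE_PACKAGE_JSON = '{"name":"demo","scripts":{"postinstall":"node setup.js","test":"hardhat test"}}'
SAMPLE_REQUIREMENTS = (
    "slither-analyzer==0.10.0\n"
    "-e git+https://example.invalid/repo.git#egg=x\n"
    "web3  # pinned later\n"
)

if __name__ == "__main__":
    result = install_plan(SAMPLE_PACKAGE_JSON, SAMPLE_REQUIREMENTS)
    for finding in result["findings"]:
        print("finding:", finding)
    for cmd in result["commands"]:
        print("run:", cmd)
```

The design choice is to never call the package managers with their default behaviour: node_modules is unpacked without hooks because Slither only needs the files on disk for import resolution, and pip is allowed to proceed only with prebuilt wheels from the index. Even so, the plan is meant to run inside the disposable VM or container the scan report recommends, not as a substitute for it.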


Current version: v1.0.0
latest: vk972rpghvtbfx6vkgf2pz65ny581mqnn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

SKILL.md

Bounty Hunter

Automated smart contract vulnerability scanner for bug bounty programs. Uses free tools (Slither + local LLMs) for the heavy lifting, saves expensive models for PoC writing.

Requirements

  • slither-analyzer (pip): Static analysis
  • solc-select (pip): Solidity compiler management
  • Node.js: For script execution
  • Optional: Ollama with any code model for local triage

Quick Start

# Scan a repo
bash scripts/scan.sh <github-repo-url> [src-dir]

# Triage findings (uses local LLM if available, otherwise prints raw)
bash scripts/triage.sh <scan-output.json>

# Generate PoC template for a finding
bash scripts/poc-template.sh <finding-id> <contract-address>

Workflow

  1. Target Selection — Check Immunefi/Code4rena for active programs
  2. Clone & Scan — scan.sh clones the repo, installs solc, runs Slither
  3. Triage — triage.sh filters HIGH/MEDIUM findings, removes known false positives
  4. Deep Dive — Only read code that Slither flagged (save your tokens)
  5. PoC — Use poc-template.sh to generate Foundry test scaffolding
  6. Submit — Write up finding on Immunefi/Code4rena
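Step 3 of the workflow (keep HIGH/MEDIUM Slither findings, drop known false positives) is small enough to show in full. The block below is an added example of that filter, not the skill's own triage.sh. It assumes the JSON layout Slither writes with --json (a top-level success flag and results.detectors entries carrying check, impact, confidence, description and elements), which should be checked against the Slither version in use; the report and the suppression list are constructed samples.

```python
import json

# Slither impact levels worth a human's time; Low/Informational/Optimization are dropped.
KEEP_IMPACTS = ("High", "Medium")


def finding_key(detector_hit):
    """Stable key for a hit: detector name plus the first named element (contract or function).

    The same key format is used in the suppression list, so a known false positive
    stays suppressed across re-scans as long as the detector and element name persist.
    """
    names = [e.get("name") for e in detector_hit.get("elements", []) if e.get("name")]
    return f"{detector_hit['check']}:{names[0] if names else '?'}"


def triage(slither_json_text, suppressed=frozenset()):
    """Return HIGH/MEDIUM detector hits not in the suppression set, highest impact first."""
    report = json.loads(slither_json_text)
    if not report.get("success", False):
        # A failed compile yields an empty detector list; surface that instead of "no bugs".
        raise ValueError(f"slither reported failure: {report.get('error')}")
    kept = []
    for hit in report["results"]["detectors"]:
        if hit.get("impact") not in KEEP_IMPACTS:
            continue
        key = finding_key(hit)
        if key in suppressed:
            continue
        kept.append({
            "key": key,
            "impact": hit["impact"],
            "confidence": hit.get("confidence"),
            "description": hit.get("description", "").strip(),
        })
    order = {"High": 0, "Medium": 1}
    kept.sort(key=lambda f: (order[f["impact"]], f["key"]))
    return kept


# Constructed sample report in the shape assumed above (not real Slither output).
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        {"check": "unchecked-lowlevel", "impact": "Medium", "confidence": "Medium",
         "description": "Low-level call in Relay.forward() is not checked",
         "elements": [{"type": "function", "name": "forward"}]},
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw() sends ETH before updating balances",
         "elements": [{"type": "function", "name": "withdraw"}]},
        {"check": "arbitrary-send-eth", "impact": "High", "confidence": "Medium",
         "description": "Treasury.rescue() sends ETH to an arbitrary address",
         "elements": [{"type": "function", "name": "rescue"}]},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Variable _x is not in mixedCase",
         "elements": [{"type": "variable", "name": "_x"}]},
    ]},
})

# Constructed suppression list: hits already reviewed and confirmed as intended behaviour
# (e.g. an owner-only rescue function flagged by arbitrary-send-eth).
KNOWN_FALSE_POSITIVES = frozenset({"arbitrary-send-eth:rescue"})

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT, KNOWN_FALSE_POSITIVES):
        print(f"[{finding['impact']}/{finding['confidence']}] {finding['key']}: {finding['description']}")
```

Suppression is keyed on detector plus element name rather than on description text, because Slither's descriptions embed line numbers that shift with every commit while the function name does not. The failure branch matters for the same reason: a report with success false has an empty detector list, and treating it as a clean scan is the quickest way to skip a target that simply did not compile.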

Target Selection Criteria

Before scanning, check:

  • Scope last updated within 30 days (fresh code = more bugs)
  • Past payouts > $50K (they actually pay)
  • GitHub repo in scope (not just deployed addresses)
  • Solidity-based (Slither only works with Solidity)

Anti-Patterns

  • Don't read entire codebases manually — let Slither scan first
  • Don't spend > 1 hour on a target without a concrete lead
  • Don't submit known issues (check past reports first)
  • Don't ignore test coverage — untested code is where bugs hide

Files: 3 total
