Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bounty Hunter Agent

v1.1.0

Autonomously scans GitHub, Algora, and Opire for bounty issues, scores by payout and competition, ranks opportunities, and can auto-submit PRs.

0 stars · 94 downloads · 1 current · 1 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lanxevo3/bounty-hunter-agent.

Prompt preview (Install & Setup):
Install the skill "Bounty Hunter Agent" (lanxevo3/bounty-hunter-agent) from ClawHub.
Skill page: https://clawhub.ai/lanxevo3/bounty-hunter-agent
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install bounty-hunter-agent

ClawHub CLI

npx clawhub@latest install bounty-hunter-agent

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability

Name/description claim: scan GitHub, Algora, Opire, rank bounties, and auto-submit PRs / spawn fix sessions. The included script only calls the gh CLI / GitHub API (search, timeline) and produces a local ranked JSON. There is no visible integration with Algora or Opire, no auto-PR submission, and no OpenClaw orchestration in the portion shown. Requesting no special credentials is coherent for a read-only GitHub scanner (it relies on gh auth), but the extra advertised capabilities are not justified by the code.

Instruction Scope

SKILL.md instructs running the script and claims it will check Algora/Opire and can spawn OpenClaw sessions; the script as shown only searches GitHub via gh, extracts payouts, counts PRs, scores, and writes state to ~/.agents/skills/bounty-hunter-agent/state/bounties.json. The instructions are otherwise specific (uses gh CLI), and the script does write local state as documented. The mismatch between the declared external integrations/auto-submit and the script is the main scope issue.

Install Mechanism

No install spec (instruction-only) and no third-party packages; the script uses only the Python stdlib and the gh CLI. This is low-risk from an install perspective because nothing is downloaded or extracted by the skill itself.

Credentials

No required env vars are declared; the script accepts optional BOUNTY_* overrides and relies on gh CLI authentication for GitHub access. Asking the user to authenticate gh is appropriate for the stated GitHub scanning purpose. There are no unrelated credential requests.

Persistence & Privilege

The skill persists state to ~/.agents/skills/bounty-hunter-agent/state/bounties.json, which is reasonable for avoiding re-scans. The always flag is false and the skill does not request elevated privileges. Nothing indicates modification of other skills or system-wide configs.

What to consider before installing

This skill appears to be a GitHub issue scanner that uses your local gh CLI credentials and stores results under ~/.agents/skills/.../state/bounties.json; that part is coherent and low-risk. However, the README promises extra features (checking Algora/Opire bounties, auto-submitting PRs, and spawning OpenClaw fix sessions) that are not visible in the provided script. Before installing or invoking the skill:

  1. Request the complete, untruncated script and confirm whether any code actually implements Algora/Opire integrations or PR submission.
  2. If you expect automated PR submission, require explicit code review and limit the gh token's permissions (use a token with minimal scopes or run in a throwaway account).
  3. Consider running the script in a sandbox or with a dry-run option to confirm it only reads data and does not push changes.
  4. If you plan to enable OpenClaw automation, verify the orchestration code and scope so it cannot autonomously modify other repos or exfiltrate tokens.

If you cannot verify the missing functionality, treat the advertised auto-submit/third-party integrations as untrusted and avoid granting broader rights.
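One concrete way to do the "confirm it only reads data" check above is to interpose on the only credentialed tool the script is documented to use, the gh CLI. The shim below is an added example written for this page; it is not part of the skill, of ClawHub, or of gh. Saved as an executable named gh in a directory that precedes the real gh on PATH, it logs every invocation, passes read-only subcommands through to the genuine binary, and refuses anything that writes to GitHub (PR creation, comments, non-GET gh api calls) or that would reveal the credential (gh auth token). The allow-list, the exit code 77, and the log path ~/.gh-guard.log are assumptions chosen for this example.

```python
#!/usr/bin/env python3
"""gh-guard: a logging, read-only shim for the gh CLI (added example, not the skill's code)."""
import json
import os
import sys
from datetime import datetime, timezone
from typing import List, Optional, Tuple

LOG_PATH = os.path.expanduser("~/.gh-guard.log")  # assumption: location chosen for this example
EXIT_REFUSED = 77                                   # assumption: distinct from any gh exit code

# Subcommand pairs a GitHub issue scanner legitimately needs. Anything not listed is
# refused, which covers pr create/merge, issue comment, repo clone, auth login/token.
READ_ONLY = {
    ("auth", "status"),
    ("search", "issues"), ("search", "prs"), ("search", "repos"),
    ("issue", "list"), ("issue", "view"),
    ("pr", "list"), ("pr", "view"),
    ("repo", "view"),
}
# Flags that attach a request body to `gh api`; gh defaults to POST when they are present.
BODY_FLAGS = {"-f", "-F", "--field", "--raw-field", "--input"}
BODY_PREFIXES = ("--field=", "--raw-field=", "--input=")


def api_method(args: List[str]) -> str:
    """Work out the HTTP method of a `gh api` call: explicit -X/--method wins, otherwise
    POST if a body/field flag was supplied, otherwise GET."""
    explicit: Optional[str] = None
    has_body = False
    i = 0
    while i < len(args):
        tok = args[i]
        if tok in ("-X", "--method") and i + 1 < len(args):
            explicit = args[i + 1].upper()
            i += 2
            continue
        if tok.startswith("--method="):
            explicit = tok.split("=", 1)[1].upper()
        elif tok.startswith("-X") and len(tok) > 2:      # joined form, e.g. -XDELETE
            explicit = tok[2:].upper()
        elif tok in BODY_FLAGS or tok.startswith(BODY_PREFIXES):
            has_body = True
        i += 1
    if explicit is not None:
        return explicit
    return "POST" if has_body else "GET"


def classify(argv: List[str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for the arguments that follow `gh`."""
    if not argv:
        return False, "empty command"
    if argv[0] == "api":
        method = api_method(argv[1:])
        if method in ("GET", "HEAD"):
            return True, f"api {method}"
        return False, f"api {method} writes to GitHub"
    pair = tuple(argv[:2])
    if pair in READ_ONLY:
        return True, " ".join(pair)
    return False, f"'{' '.join(argv[:2])}' is not on the read-only allow-list"


def find_real_gh() -> Optional[str]:
    """Locate the genuine gh binary, skipping the directory this shim lives in."""
    self_dir = os.path.dirname(os.path.realpath(__file__))
    for entry in os.environ.get("PATH", "").split(os.pathsep):
        if not entry or os.path.realpath(entry) == self_dir:
            continue
        candidate = os.path.join(entry, "gh")
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def main() -> int:
    argv = sys.argv[1:]
    allowed, reason = classify(argv)
    with open(LOG_PATH, "a", encoding="utf-8") as fh:   # one JSON record per invocation
        fh.write(json.dumps({"ts": datetime.now(timezone.utc).isoformat(),
                             "allowed": allowed, "reason": reason, "argv": argv}) + "\n")
    if not allowed:
        print(f"gh-guard: refused 'gh {' '.join(argv)}' ({reason})", file=sys.stderr)
        return EXIT_REFUSED
    real = find_real_gh()
    if real is None:
        print("gh-guard: real gh not found on PATH", file=sys.stderr)
        return 127
    os.execv(real, [real] + argv)   # replaces this process; never returns on success
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

Usage, with the scanner path from the README: copy the file to ~/gh-guard/gh, chmod +x it, then run PATH=~/gh-guard:$PATH python ~/.agents/skills/bounty-hunter-agent/scripts/bounty_scan.py and read ~/.gh-guard.log afterwards; any refused record is evidence that the script tried to write. Caveat: the shim only sees calls that go through the gh binary. A script that reads the token out of gh's own config (~/.config/gh/hosts.yml) and talks to api.github.com directly bypasses it, so this check complements the code review in steps 1 and 2 rather than replacing it.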


Tags: automation, bounty, github, latest

94 downloads · 0 stars · 2 versions · Updated 1mo ago · v1.1.0 · MIT-0

Bounty Hunter Agent

Metadata

  • Name: bounty-hunter-agent
  • Version: 1.0.0
  • Author: lanxevo3
  • Tags: github, bounty, automation, monetization, algora, opire
  • License: MIT

Description

Autonomous GitHub bounty hunting agent. Scans for paid issues across GitHub, Algora, and Opire, evaluates viability based on competition level and payout amount, and helps you prioritize and submit PRs automatically.

What It Does

  1. Scans repositories for bounty-labeled issues (bounty, 💰, reward, paid, algora, opire)
  2. Evaluates competition level by checking existing PRs and comments on each issue
  3. Scores opportunities by payout amount, competition density, issue age, and repo activity
  4. Prioritizes a ranked list of actionable bounties sorted by expected value
  5. Tracks state in a local JSON file so you never re-scan the same issues
  6. Spawns fix sessions — integrates with OpenClaw to kick off autonomous coding sessions for top-ranked bounties

Prerequisites

  • gh CLI authenticated (gh auth status should succeed)
  • Python 3.8+ (stdlib only — no pip dependencies)
  • Optional: OpenClaw runtime for automated fix session spawning

Usage

Quick Scan

python ~/.agents/skills/bounty-hunter-agent/scripts/bounty_scan.py

With OpenClaw

When installed as a skill, invoke via:

/bounty-hunter-agent scan

The agent will:

  • Search GitHub for bounty-labeled issues
  • Check Algora and Opire for listed bounties
  • Output a ranked JSON report to ~/.agents/skills/bounty-hunter-agent/state/bounties.json
  • Print a human-readable summary to stdout

Configuration

Set environment variables to customize behavior:

  • BOUNTY_MIN_PAYOUT (default: 25): minimum payout in USD to consider
  • BOUNTY_MAX_COMPETITION (default: 5): maximum competing PRs before an issue is skipped
  • BOUNTY_SCAN_LIMIT (default: 100): maximum issues to scan per query
  • BOUNTY_STATE_DIR (default: ~/.agents/skills/bounty-hunter-agent/state): where state is stored

Output Format

The scan produces a ranked list:

[
  {
    "rank": 1,
    "score": 87.5,
    "repo": "org/repo",
    "issue": 123,
    "title": "Add feature X",
    "payout_usd": 200,
    "competing_prs": 1,
    "url": "https://github.com/org/repo/issues/123",
    "labels": ["bounty", "💰 200"],
    "age_days": 3
  }
]

How Scoring Works

score = payout_weight * (payout / max_payout)
      + competition_weight * (1 - competing_prs / max_competition)
      + freshness_weight * (1 - age_days / max_age)

Default weights: payout=50, competition=35, freshness=15

Lower competition + higher payout + newer issue = higher score.
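The scoring formula and the Configuration variables above can be exercised offline with the following added example. It is not the skill's own bounty_scan.py; it applies the documented weights and BOUNTY_* overrides to a handful of constructed sample issues and emits entries in the Output Format shown above. Three things the README leaves unstated are assumed here: max_competition is BOUNTY_MAX_COMPETITION, max_age is 90 days, and each term is clamped to [0, 1] so that an issue older than max_age or busier than max_competition cannot contribute a negative amount.

```python
"""Rank bounty candidates with the README's scoring formula (added example, not the skill's script)."""
import json
import os
from typing import Dict, List, Mapping, Optional

WEIGHTS = {"payout": 50.0, "competition": 35.0, "freshness": 15.0}  # README default weights
DEFAULTS = {"BOUNTY_MIN_PAYOUT": 25, "BOUNTY_MAX_COMPETITION": 5, "BOUNTY_SCAN_LIMIT": 100}
MAX_AGE_DAYS = 90  # assumption: the README does not give max_age


def env_int(name: str, env: Mapping[str, str]) -> int:
    """Read a BOUNTY_* override, falling back to the README default; reject negative values."""
    raw = env.get(name, "").strip()
    if not raw:
        return DEFAULTS[name]
    value = int(raw)
    if value < 0:
        raise ValueError(f"{name} must be non-negative, got {value}")
    return value


def clamp01(x: float) -> float:
    """Keep a scoring term inside [0, 1] (assumption: the README formula is unclamped)."""
    return max(0.0, min(1.0, x))


def score_issue(issue: Dict, max_payout: int, max_competition: int) -> float:
    """score = payout_weight * (payout / max_payout)
             + competition_weight * (1 - competing_prs / max_competition)
             + freshness_weight * (1 - age_days / max_age), rounded to one decimal."""
    payout_term = clamp01(issue["payout_usd"] / max_payout) if max_payout else 0.0
    competition_term = clamp01(1 - issue["competing_prs"] / max_competition) if max_competition else 0.0
    freshness_term = clamp01(1 - issue["age_days"] / MAX_AGE_DAYS)
    return round(WEIGHTS["payout"] * payout_term
                 + WEIGHTS["competition"] * competition_term
                 + WEIGHTS["freshness"] * freshness_term, 1)


def rank_bounties(issues: List[Dict], env: Optional[Mapping[str, str]] = None) -> List[Dict]:
    """Apply the BOUNTY_* thresholds, score the survivors, and return them in the README's output shape."""
    env = os.environ if env is None else env
    min_payout = env_int("BOUNTY_MIN_PAYOUT", env)
    max_competition = env_int("BOUNTY_MAX_COMPETITION", env)
    limit = env_int("BOUNTY_SCAN_LIMIT", env)

    # BOUNTY_SCAN_LIMIT caps how many issues are considered; the thresholds drop the rest.
    candidates = [i for i in issues[:limit]
                  if i["payout_usd"] >= min_payout and i["competing_prs"] <= max_competition]
    if not candidates:
        return []
    max_payout = max(i["payout_usd"] for i in candidates)   # normalises the payout term
    scored = sorted(candidates, key=lambda i: score_issue(i, max_payout, max_competition), reverse=True)
    ranked = []
    for rank, issue in enumerate(scored, start=1):
        entry = {"rank": rank, "score": score_issue(issue, max_payout, max_competition)}
        entry.update(issue)
        ranked.append(entry)
    return ranked


# Constructed sample issues; the repos, numbers and payouts are invented for this example.
SAMPLE_ISSUES = [
    {"repo": "org/alpha", "issue": 10, "title": "Fix parser", "payout_usd": 200, "competing_prs": 1,
     "age_days": 3, "url": "https://github.com/org/alpha/issues/10", "labels": ["bounty", "💰 200"]},
    {"repo": "org/beta", "issue": 22, "title": "Add docs", "payout_usd": 50, "competing_prs": 0,
     "age_days": 60, "url": "https://github.com/org/beta/issues/22", "labels": ["bounty"]},
    {"repo": "org/gamma", "issue": 7, "title": "Low reward", "payout_usd": 10, "competing_prs": 0,
     "age_days": 1, "url": "https://github.com/org/gamma/issues/7", "labels": ["reward"]},
    {"repo": "org/delta", "issue": 99, "title": "Crowded", "payout_usd": 500, "competing_prs": 8,
     "age_days": 2, "url": "https://github.com/org/delta/issues/99", "labels": ["bounty"]},
]

if __name__ == "__main__":
    print(json.dumps(rank_bounties(SAMPLE_ISSUES), indent=2))
```

With the README defaults, org/gamma is dropped by BOUNTY_MIN_PAYOUT and org/delta by BOUNTY_MAX_COMPETITION; org/alpha scores 92.5 and org/beta 52.5. Raising BOUNTY_MAX_COMPETITION to 10 lets the crowded 500-dollar issue back in and puts it first, which is the trade-off the weights encode: payout dominates unless competition is high enough to be filtered out entirely.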
