Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bug Bounty

Bug Bounty Hunter - automatically scans for vulnerabilities, generates reports, and tracks rewards. Suited for: security researchers, white hats.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 36 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (bug bounty scanning, reporting, reward tracking) are consistent with the SKILL.md content. The skill requests no binaries, credentials, or installs — which is plausible for a purely instructional skill, but incomplete: reward-tracking normally requires API credentials or service integration, and automated scanning typically needs explicit tooling (scan engines, rulesets) which are not declared.
Instruction Scope
SKILL.md contains high-level instructions to 'scan example.com for common vulnerabilities' and to generate reports, but it is vague and grants the agent broad discretion about how to perform scans. There are no explicit safeguards, target-scoping rules, or legal/authorization checks. That openness increases the risk the agent could be directed to run intrusive/networked actions against third parties without safeguards.
Install Mechanism
No install spec and no code files — lowest technical risk from installation (nothing is written to disk or downloaded).
Credentials
The skill requests no environment variables or credentials (which reduces risk). However, some advertised features (reward tracking, submission status, income statistics) typically require integrations (HackerOne/Bugcrowd/API keys, email access) that are not declared; the lack of those requirements may mean the feature is conceptual only or incomplete.
Persistence & Privilege
always:false (default) and agent-invocable is normal. The skill does not request persistent system presence or modifications to other skills/config — no elevated privileges requested.
What to consider before installing
This skill is an instruction-only 'bug bounty hunter' that outlines scanning and reporting capabilities but is vague about how scans are performed and lacks safeguards or integrations. Before installing or enabling it: (1) confirm you trust the skill author and understand provenance — source/homepage is unknown; (2) require explicit scope and authorization checks to prevent unauthorized scanning (limit to targets you own or are permitted to test); (3) ask the author for details about what tools or network access the skill expects (e.g., does it call external scanners, require API keys for bounty platforms?); (4) do not grant agent autonomous, unfettered network scanning rights unless you have clear legal authorization and logging; (5) if you plan to use reward-tracking features, require explicit declarations of which services are integrated and any credentials needed, and prefer using dedicated, audited integrations rather than giving broad access. If you need higher assurance, request a more detailed SKILL.md that specifies tooling, safety checks, and required integrations, or decline until provenance and scope are clarified.

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.3
latestvk97f5p56w5605hc3za6qmz1ftn82zksv

Runtime requirements

🐛 Clawdis

SKILL.md

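Bug Bounty Hunter Skill

Automatically scans for vulnerabilities to help you earn Bug Bounty rewards.

Core features

1. Vulnerability scanning

  • SQL injection detection
  • XSS vulnerability scanning
  • CSRF vulnerability detection
  • Sensitive information disclosure

2. Report generation

  • Professional vulnerability reports
  • Reproduction steps
  • Remediation advice

3. Reward tracking

  • Program reward ranges
  • Submission status
  • Income statistics

Usage

Scan a target

Scan example.com for common vulnerabilities

Generate a report

Generate a Bug Bounty report for the discovered vulnerabilities

Find programs

Recommend Bug Bounty programs suitable for beginners

Created: 2026-03-11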

Files

1 total