Bug Bounty

Audited by ClawScan on May 10, 2026.

Overview

This code-free skill is transparent about being a bug-bounty helper, but it directs agents to automatically probe websites for vulnerabilities without requiring authorization or scope checks.

Review this skill carefully before installing. It appears to be an instruction-only bug bounty helper, not malware, but you should only let it scan targets that are explicitly authorized and in scope for a bug bounty program.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could probe an unauthorized or out-of-scope website, which may cause legal, operational, or program-policy problems for the user.

Why it was flagged

The skill instructs an agent to perform active vulnerability testing against a domain, but the provided instructions do not require verifying that the target is authorized, in scope for a bug bounty program, or safe to test.

Skill content
Automatically scan for vulnerabilities... - SQL injection detection - XSS vulnerability scanning - CSRF vulnerability detection ... Scan example.com for common vulnerabilities

Recommendation

Only use this skill on systems where you have explicit permission. The skill should add mandatory checks for authorization, program scope, test intensity, rate limits, and user confirmation before any active scan.