Bug Bounty
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: bug-bounty
Version: 1.0.3
The skill bundle defines a 'Bug Bounty Hunter' agent designed to perform automated vulnerability scanning (SQLi, XSS, CSRF) and sensitive information discovery. While the stated intent is security research, these are high-risk capabilities that involve automated network attacks and could be used for unauthorized scanning. No implementation code was provided, but the instructions in SKILL.md define a high-risk operational profile for the AI agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could probe an unauthorized or out-of-scope website, which may cause legal, operational, or program-policy problems for the user.
The skill instructs an agent to perform active vulnerability testing against a domain, but the provided instructions do not require verifying that the target is authorized, in scope for a bug bounty program, or safe to test.
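Automatically scan for vulnerabilities... - SQL injection detection - XSS vulnerability scanning - CSRF vulnerability detection ... Scan example.com for common vulnerabilities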
Only use this skill on systems where you have explicit permission. The skill should add mandatory checks for authorization, program scope, test intensity, rate limits, and user confirmation before any active scan.
