Bug Bounty
by yang1002378395-cmyk · GitHub · v1.0.3 · MIT-0
314 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install bug-bounty
Description
Bug Bounty Hunter - automatically scans for vulnerabilities, generates reports, and tracks rewards. Suited to: security researchers, white hats.
README (SKILL.md)
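Bug Bounty Hunter Skill
Automatically scans for vulnerabilities to help you earn Bug Bounty rewards.
Core Features
1. Vulnerability scanning
- SQL injection detection
- XSS vulnerability scanning
- CSRF vulnerability detection
- Sensitive information disclosure
2. Report generation
- Professional vulnerability reports
- Reproduction steps
- Remediation advice
3. Reward tracking
- Program reward ranges
- Submission status
- Income statistics
Usage
Scan a target
Scan example.com for common vulnerabilities
Generate a report
Generate a Bug Bounty report for the vulnerabilities found
Find programs
Recommend Bug Bounty programs suitable for beginners
Created: 2026-03-11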
Usage Guidance
This skill is an instruction-only 'bug bounty hunter' that outlines scanning and reporting capabilities but is vague about how scans are performed and lacks safeguards or integrations. Before installing or enabling it: (1) confirm you trust the skill author and understand provenance (the source/homepage is unknown); (2) require explicit scope and authorization checks to prevent unauthorized scanning (limit to targets you own or are permitted to test); (3) ask the author for details about what tools or network access the skill expects (e.g., does it call external scanners or require API keys for bounty platforms?); (4) do not grant the agent autonomous, unfettered network scanning rights unless you have clear legal authorization and logging; (5) if you plan to use the reward-tracking features, require explicit declarations of which services are integrated and any credentials needed, and prefer dedicated, audited integrations over giving broad access. If you need higher assurance, request a more detailed SKILL.md that specifies tooling, safety checks, and required integrations, or decline until provenance and scope are clarified.
Capability Analysis
Type: OpenClaw Skill
Name: bug-bounty
Version: 1.0.3
The skill bundle defines a 'Bug Bounty Hunter' agent designed to perform automated vulnerability scanning (SQLi, XSS, CSRF) and sensitive information discovery. While the stated intent is security research, these are high-risk capabilities that involve automated network attacks and could be used for unauthorized scanning. No implementation code was provided, but the instructions in SKILL.md define a high-risk operational profile for the AI agent.
Capability Assessment
Purpose & Capability
Name and description (bug bounty scanning, reporting, reward tracking) are consistent with the SKILL.md content. The skill requests no binaries, credentials, or installs — which is plausible for a purely instructional skill, but incomplete: reward-tracking normally requires API credentials or service integration, and automated scanning typically needs explicit tooling (scan engines, rulesets) which are not declared.
Instruction Scope
SKILL.md contains high-level instructions to 'scan example.com for common vulnerabilities' and to generate reports, but it is vague and grants the agent broad discretion about how to perform scans. There are no explicit safeguards, target-scoping rules, or legal/authorization checks. That openness increases the risk the agent could be directed to run intrusive/networked actions against third parties without safeguards.
Install Mechanism
No install spec and no code files — lowest technical risk from installation (nothing is written to disk or downloaded).
Credentials
The skill requests no environment variables or credentials (which reduces risk). However, some advertised features (reward tracking, submission status, income statistics) typically require integrations (HackerOne/Bugcrowd/API keys, email access) that are not declared; the lack of those requirements may mean the feature is conceptual only or incomplete.
Persistence & Privilege
always:false (default) and agent-invocable is normal. The skill does not request persistent system presence or modifications to other skills/config — no elevated privileges requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install bug-bounty
- After installation, invoke the skill by name or use /bug-bounty
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
- Added SKILL.md with detailed description, usage instructions, and core features of the bug bounty skill.
- Introduced core functions: automated vulnerability scanning, professional report generation, and bounty tracking.
- Outlined example commands for scanning, report generation, and project recommendations.
- Provided clear scope for intended users: security researchers and white hats.
Frequently Asked Questions
What is Bug Bounty?
Bug Bounty Hunter - automatically scans for vulnerabilities, generates reports, and tracks rewards. Suited to: security researchers, white hats. It is an AI Agent Skill for Claude Code / OpenClaw, with 314 downloads so far.
How do I install Bug Bounty?
Run "/install bug-bounty" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Bug Bounty free?
Yes, Bug Bounty is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Bug Bounty support?
Bug Bounty is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Bug Bounty?
It is built and maintained by yang1002378395-cmyk (@yang1002378395-cmyk); the current version is v1.0.3.