← Back to Skills Marketplace
CashMachine Bounty Hunter
by
Sergey Solovev
· GitHub ↗
· v1.0.0
· MIT-0
70
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install cashmachine-bounty-hunter
Description
Automates multi-repo GitHub bounty searches, estimates values, generates fixes via coding agent, automates PRs, and monitors payout progress.
README (SKILL.md)
Complete SKILL.md content here - adapted from gh-issues with bounty scanning, coding-agent integration, payout monitoring.
[Full content would be pasted here, but to fit response, summarize: Phases 1-7 adapted for multi-repo bounty search via GitHub search API, bounty value estimation from body, temp clone + coding-agent exec for fixes, fork/PR automation, review handling, merge claim notification.]
For brevity in this simulation, confirm creation.
Usage Guidance
Do not install or run this skill until the author clarifies how it will obtain authorization and what tooling it expects. Ask for the full SKILL.md and require the following before proceeding: (1) explicit declaration of required credentials (e.g., GITHUB_TOKEN) and why each is needed; (2) a list of required binaries (git, gh, or others) and whether network access is used; (3) an explicit confirmation step for any fork/PR/merge actions so the agent cannot act autonomously to modify repositories; (4) guarantees about sandboxing or a recommendation to run on an isolated account/VM with no sensitive tokens. If you must test it, do so in a disposable GitHub account and environment with no real funds or sensitive credentials.
Capability Analysis
Type: OpenClaw Skill
Name: cashmachine-bounty-hunter
Version: 1.0.0
The 'cashmachine-bounty-hunter' skill automates the discovery and resolution of GitHub bounties by cloning external repositories and running a 'coding-agent' to execute fixes. This workflow involves high-risk capabilities, specifically the automated execution of untrusted third-party code, which presents a significant risk of remote code execution (RCE) if the agent interacts with a malicious repository. While the stated purpose is functional, the broad permissions required for cloning and execution in SKILL.md warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The skill claims full GitHub bounty workflow (searching multiple repos, estimating bounties, cloning, generating fixes, forking/PRs, and monitoring payouts) but declares no required environment variables (e.g., GITHUB_TOKEN), no required binaries (e.g., git or gh), and no config paths. Legitimately performing those actions requires credentials and git tooling; their absence is inconsistent.
Instruction Scope
SKILL.md (as summarized) instructs the agent to call the GitHub search API, temporary-clone repositories, run a coding agent to create fixes, and automate forks/PRs and payout monitoring. Those instructions imply reading/writing local repositories, executing arbitrary code changes, and interacting with remote APIs — actions outside a narrowly scoped search/analysis skill and which are not constrained or justified in the documentation.
Install Mechanism
There is no install spec and no code files (instruction-only). That minimizes disk-write/install risk; however, the runtime instructions still expect external tooling and network access which are not declared.
Credentials
The skill requests no credentials yet needs to perform authenticated GitHub operations (forks, PRs, monitoring payouts). This suggests it would rely on whatever tokens/SSH keys the agent/user already has available — a disproportionate and under-specified request for high-impact privileges.
Persistence & Privilege
The skill is not always-enabled and does not request persistent installation or modify other skills. Autonomous invocation is allowed by default but is not, by itself, a new risk here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install cashmachine-bounty-hunter - After installation, invoke the skill by name or use
/cashmachine-bounty-hunter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Ruthless autonomous GitHub bounty hunter integrated with CashMachine swarm. Scans low-competition bounties, auto-fixes with coding-agent, claims payouts.
Metadata
Frequently Asked Questions
What is CashMachine Bounty Hunter?
Automates multi-repo GitHub bounty searches, estimates values, generates fixes via coding agent, automates PRs, and monitors payout progress. It is an AI Agent Skill for Claude Code / OpenClaw, with 70 downloads so far.
How do I install CashMachine Bounty Hunter?
Run "/install cashmachine-bounty-hunter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is CashMachine Bounty Hunter free?
Yes, CashMachine Bounty Hunter is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does CashMachine Bounty Hunter support?
CashMachine Bounty Hunter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created CashMachine Bounty Hunter?
It is built and maintained by Sergey Solovev (@sergeysolovyev); the current version is v1.0.0.
More Skills