← Back to Skills Marketplace
GitHub Bounty Finder Pro
by
lvjunjie-byte
· GitHub ↗
· v1.0.2
· MIT-0
109
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-bounty-finder-lvjunjie
Description
Scan GitHub and Algora for high-value bounties, analyze competition and freshness, score opportunities, and provide actionable recommendations.
README (SKILL.md)
GitHub Bounty Finder Skill
🎯 Find high-value GitHub and Algora bounties with automated competition analysis
Description
GitHub Bounty Finder is a powerful scanning tool that helps developers discover lucrative bounty opportunities on GitHub and Algora. It automatically analyzes competition levels, scores opportunities, and provides actionable recommendations.
Features
- 🔍 Multi-Platform Scanning: Scan both GitHub Issues and Algora bounties
- 📊 Competition Analysis: Analyze PR counts, comments, and engagement
- 🎯 Smart Filtering: Auto-filter low-competition, high-value opportunities
- 💰 Opportunity Scoring: 0-100 scoring algorithm based on value, competition, and freshness
- 🤖 Automated Recommendations: Get actionable insights for each bounty
- 📈 Pricing Intelligence: Market-based pricing recommendations
Installation
# Install via clawhub
clawhub install github-bounty-finder
# Or install manually
cd skills/github-bounty-finder
npm install
Configuration
Create a .env file in the skill directory:
GITHUB_TOKEN=your_github_personal_access_token
ALGORA_API_KEY=your_algora_api_key
Getting API Keys
-
GitHub Token:
- Go to GitHub Settings → Developer settings → Personal access tokens
- Create a token with
public_reposcope
-
Algora API Key:
- Visit https://algora.io/settings/api
- Generate a new API key
Usage
Basic Scan
github-bounty-finder scan
Advanced Options
# Custom search query
github-bounty-finder scan --query "bug bounty"
# Set minimum bounty amount
github-bounty-finder scan --min-bounty 500
# Limit competition (max comments)
github-bounty-finder scan --max-competition 3
# GitHub only
github-bounty-finder scan --github-only
# Save results to file
github-bounty-finder scan --output results.json
Demo Mode
github-bounty-finder demo
Check Configuration
github-bounty-finder config
Output Format
The scanner returns structured data:
{
"bounties": [
{
"id": 123,
"title": "Fix memory leak",
"url": "https://github.com/...",
"bountyAmount": 1500,
"comments": 0,
"score": 95,
"competitionLevel": "None",
"recommendedAction": "🔥 HIGH PRIORITY - Apply immediately"
}
],
"totalFound": 25,
"highPriority": 5,
"goodOpportunities": 12,
"pricingRecommendation": {
"recommendedPrice": 149,
"currency": "USD",
"billingCycle": "monthly"
}
}
Opportunity Scoring Algorithm
Scores are calculated based on:
-
Bounty Value (0-30 points): Higher bounties score better
- $1000+: +30 points
- $500+: +20 points
- $200+: +10 points
-
Competition Level (0-40 points): Less competition is better
- 0 comments: +40 points
- 1-2 comments: +30 points
- 3-5 comments: +20 points
- 6-10 comments: +10 points
-
Freshness (0-20 points): Newer is better
- ≤3 days: +20 points
- ≤7 days: +15 points
- ≤14 days: +10 points
- ≤30 days: +5 points
Pricing Strategy
Recommended Price: $149/month
Justification:
- Average bounty value: $500-2000
- Time saved: 10-20 hours/week on manual searching
- ROI: One successful bounty covers 3-6 months subscription
- Target market: Professional developers, bounty hunters, OSS contributors
Expected Revenue: $3,000-8,000/month
- Conservative: 20 subscribers × $149 = $2,980/month
- Target: 50 subscribers × $149 = $7,450/month
- Optimistic: 100 subscribers × $149 = $14,900/month
Integration Examples
Node.js
const BountyScanner = require('github-bounty-finder');
const scanner = new BountyScanner({
minBounty: 200,
maxCompetition: 5
});
const results = await scanner.scan({
github: true,
algora: true,
limit: 100
});
console.log(`Found ${results.highPriority} high-priority bounties!`);
CLI Automation
# Daily scan with cron
0 9 * * * github-bounty-finder scan --min-bounty 500 --output /path/to/results.json
Troubleshooting
API Rate Limits
If you hit GitHub API rate limits:
- Use authenticated requests (set GITHUB_TOKEN)
- Reduce scan frequency
- Increase delay between requests
No Results Found
- Lower your
--min-bountythreshold - Increase
--max-competitionlimit - Try different search queries
License
MIT
Support
For issues and feature requests, visit the GitHub repository.
Made with 🐉 by OpenClaw Skills
Usage Guidance
This package's code matches its description (it calls GitHub and Algora APIs, scores results, and can save a JSON). However, the registry metadata omitted required env vars while SKILL.md and README instruct you to create a .env with GITHUB_TOKEN and ALGORA_API_KEY. Before installing: 1) verify the package source/repository and maintainer (clawhub.json points to a GitHub URL — inspect that repo). 2) Only provide a GitHub token with minimal scope (public_repo as recommended) — do not use a full account/password or tokens with repo/write/admin scopes. 3) Prefer creating tokens scoped narrowly and run initial scans in an isolated environment (or a throwaway account) to validate behavior. 4) If you plan to use Algora, verify the algora API endpoint and key policy. 5) Consider asking the publisher to correct the registry metadata to explicitly declare the required credentials before supplying secrets. Overall functionality looks coherent, but the metadata/documentation mismatch is the main reason to be cautious.
Capability Analysis
Type: OpenClaw Skill
Name: github-bounty-finder-lvjunjie
Version: 1.0.2
The GitHub Bounty Finder skill is a legitimate tool designed to scan GitHub and Algora for bounty opportunities. The code in `src/scanner.js` and `bin/cli.js` implements standard API interactions with GitHub and Algora, including filtering and scoring logic based on bounty value and competition. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the extensive pricing and revenue projections in `SKILL.md` and `README.md` appear to be business-oriented documentation rather than functional threats.
Capability Assessment
Purpose & Capability
Name/description match the code: src/scanner.js and bin/cli.js implement GitHub and Algora scanning, competition analysis, scoring and export. The requested environment variables in README/SKILL.md (GITHUB_TOKEN, ALGORA_API_KEY) are appropriate for the stated purpose. However, the skill metadata shown earlier (Requirements: none / Primary credential: none) omits these keys — an inconsistency between declared registry metadata and the runtime docs/code.
Instruction Scope
SKILL.md and bin/cli.js instruct the agent/user to provide GITHUB_TOKEN and ALGORA_API_KEY and to run the CLI. The runtime instructions and code only access those environment variables (via dotenv/process.env), call GitHub (api.github.com) and Algora (api.algora.io), and optionally write an output JSON. There are no instructions to read unrelated system files or send data to unknown endpoints.
Install Mechanism
There is no remote download/install from untrusted URLs; installation is via npm (package.json) or clamphub. Dependencies are standard npm libs (axios, dotenv, commander, chalk). No extract-from-unknown-URL or executable installers are used in the provided files.
Credentials
The code legitimately needs GITHUB_TOKEN and ALGORA_API_KEY, which the docs ask for. But the registry metadata presented earlier (Requirements: none, Primary credential: none) does not declare these required secrets — this mismatch is a red flag because the skill will ask for/expect secrets that are not declared up-front in the registry. Confirm the registry listing and ensure secrets are explicitly declared. Also ensure you provide a token with minimal scope (e.g., public_repo only) and not a full user token.
Persistence & Privilege
The skill does not request 'always: true', does not persist or modify other skills' configs, and only runs when invoked. It does not attempt to enable itself permanently or request elevated platform privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install github-bounty-finder-lvjunjie - After installation, invoke the skill by name or use
/github-bounty-finder-lvjunjie - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added detailed documentation in SKILL.md, covering description, features, installation, configuration, usage, output, algorithms, pricing, and integration.
- Explained the opportunity scoring algorithm and pricing strategy.
- Provided CLI and Node.js integration examples.
- Included troubleshooting tips and support information.
- No code changes specified for this version.
Metadata
Frequently Asked Questions
What is GitHub Bounty Finder Pro?
Scan GitHub and Algora for high-value bounties, analyze competition and freshness, score opportunities, and provide actionable recommendations. It is an AI Agent Skill for Claude Code / OpenClaw, with 109 downloads so far.
How do I install GitHub Bounty Finder Pro?
Run "/install github-bounty-finder-lvjunjie" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is GitHub Bounty Finder Pro free?
Yes, GitHub Bounty Finder Pro is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does GitHub Bounty Finder Pro support?
GitHub Bounty Finder Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created GitHub Bounty Finder Pro?
It is built and maintained by lvjunjie-byte (@lvjunjie-byte); the current version is v1.0.2.
More Skills