
Auto Bounty Hunter

by dagangtj · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 268 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install auto-bounty-hunter
Description
Automatically scan GitHub repositories for open issues with 0 comments, evaluate their value, claim them, and submit PRs. Automates the entire GitHub bounty...
README (SKILL.md)

GitHub Bounty Hunter

Automate the entire GitHub bounty hunting workflow: scan for opportunities, evaluate value, claim issues, and submit PRs.

What This Skill Does

  1. Scans GitHub for 0-comment issues (first-mover advantage)
  2. Evaluates issue value and complexity
  3. Claims viable issues automatically
  4. Submits PRs with quality implementations
  5. Tracks submissions and monitors merge status

Usage

Quick Start

# Scan and process issues automatically
bash scripts/bounty_hunter.sh

Configuration

Edit scripts/config.sh to customize:

MIN_VALUE=10           # Minimum estimated value ($)
MAX_COMPLEXITY=5       # Max complexity (1-10 scale)
AUTO_CLAIM=true        # Auto-claim issues
AUTO_SUBMIT=true       # Auto-submit PRs

Automated Operation

Set up cron for continuous scanning:

# Every 30 minutes
*/30 * * * * bash ~/.openclaw/workspace/skills/github-bounty-hunter/scripts/bounty_hunter.sh

How It Works

  1. Discovery: Searches GitHub for is:issue is:open comments:0
  2. Filtering: Removes spam, duplicates, and low-value issues
  3. Evaluation: Scores based on:
    • Repository stars/activity
    • Issue clarity and scope
    • Estimated time to complete
    • Potential payout
  4. Claiming: Comments on issue to claim it
  5. Implementation: Generates solution and submits PR
  6. Tracking: Monitors PR status and merge events

Scripts

  • bounty_hunter.sh - Main automation script
  • config.sh - Configuration settings
  • evaluator.sh - Issue value evaluation
  • tracker.sh - PR status tracking

Best Practices

  • Start with AUTO_CLAIM=false to review opportunities first
  • Focus on repositories with clear contribution guidelines
  • Maintain high PR quality to build reputation
  • Track merge rate and adjust strategy

Revenue Potential

  • Conservative: $50-200/month (5-10 merged PRs)
  • Moderate: $200-500/month (10-25 merged PRs)
  • Aggressive: $500-1000/month (25-50 merged PRs)

Success depends on:

  • PR quality and merge rate
  • Time invested
  • Repository selection
  • Market conditions
Usage Guidance
This skill is inconsistent and should be treated cautiously. Key issues:

  1. The code uses the GitHub CLI (gh) and jq and needs a GitHub-authenticated account to comment/claim/create PRs, but the registry declares no required binaries or credentials, so running it as-is will fail or may rely on preconfigured local credentials you didn't intend to use.
  2. The SKILL.md promises full automation (claiming and submitting PRs), but the package is missing evaluator.sh and any PR-submission code; the implementation is incomplete.

Before installing or running:

  • Do not schedule cron or enable autonomous runs until you review and test thoroughly.
  • Require DRY_RUN=true and AUTO_CLAIM=false while auditing.
  • Verify presence and provenance of gh and jq on the host; prefer installing them manually from official sources.
  • Use a disposable or limited-scope GitHub account/token for testing (least privilege).
  • Inspect or request the missing evaluator.sh and submission code to confirm what it would post to issues/PRs.
  • Consider ethical and platform-policy implications: automated claiming/submitting across others' repos can violate contribution policies or be considered abusive.

If the author cannot explain the missing pieces and properly declare required credentials and binaries, do not run it.
Capability Analysis
Type: OpenClaw Skill
Name: auto-bounty-hunter
Version: 1.0.0

The skill bundle provides a framework for automating the discovery and tracking of GitHub issues for open-source contributions. It uses the official GitHub CLI (`gh`) and `jq` to scan for issues with no comments, evaluate them based on repository popularity (stars), and maintain a local queue in `data/queue.json`. While the stated goal of 'bounty hunting' for passive income can be associated with low-quality automation, the provided scripts (`bounty_hunter.sh`, `tracker.sh`, `config.sh`) contain no evidence of malicious intent, data exfiltration, or unauthorized access.
Capability Assessment
Purpose & Capability
The skill claims to fully automate discovery, claiming, and PR submission on GitHub. The scripts use the GitHub CLI (gh) and jq, and will need an authenticated GitHub identity to comment/claim/create PRs, yet the registry metadata declares no required binaries or credentials. That mismatch (no GH token or gh/jq declared) is disproportionate to the stated purpose and is incoherent.
Instruction Scope
SKILL.md instructs running the automation and setting up cron to run the script continuously and describes auto-claim/auto-submit behaviors. The actual code (bounty_hunter.sh and tracker.sh) implements scanning, evaluation scaffolding, and queueing, but there is no evaluator.sh or any submission/PR-creation implementation in the provided files—so the instructions promise actions the code does not implement. The scripts also will call gh to inspect repos and PRs and could comment/claim (if submission code were present), which is an externally impactful operation that requires explicit credential handling that is not declared.
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain install risk. However, the scripts rely on external binaries (gh, jq) and assume they are present and authenticated; those dependencies are not declared in the registry metadata or SKILL.md. That omission is a practical installation/operation gap the user must address before use.
Credentials
The scripts will require an authenticated GitHub identity (gh uses local auth or GH_TOKEN) to perform claims/comments/PR operations, but the skill declares no required environment variables or primary credential. Requiring GitHub credentials is proportionate to the purpose, but they must be explicitly declared and minimized; the absence of any declared credential is a red flag. Additionally, the skill writes data and logs into the user's workspace (queue/history/log), which is expected but worth noting.
Persistence & Privilege
The skill is not marked always:true. It can be invoked autonomously (platform default). Autonomous invocation plus the ability to perform external actions (comment/claim/PR on GitHub) increases blast radius if the missing credential handling or automation toggles are misconfigured; weigh that together with the other inconsistencies before enabling autonomous runs or cron scheduling.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auto-bounty-hunter
  3. After installation, invoke the skill by name or use /auto-bounty-hunter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Fully automated GitHub bounty hunting system with scanning, evaluation, claiming, and PR submission
Metadata
Slug auto-bounty-hunter
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Auto Bounty Hunter?

Automatically scan GitHub repositories for open issues with 0 comments, evaluate their value, claim them, and submit PRs. Automates the entire GitHub bounty... It is an AI Agent Skill for Claude Code / OpenClaw, with 268 downloads so far.

How do I install Auto Bounty Hunter?

Run "/install auto-bounty-hunter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auto Bounty Hunter free?

Yes, Auto Bounty Hunter is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auto Bounty Hunter support?

Auto Bounty Hunter is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Auto Bounty Hunter?

It is built and maintained by dagangtj (@dagangtj); the current version is v1.0.0.
