Downloads: 338, Stars: 0, Active Installs: 3, Versions: 1
Install in OpenClaw
/install multi-bounty-scanner
Description
Automatically scan and filter new bug and OSS bounty opportunities across 50+ platforms by tech stack, reward, and difficulty with daily automation support.
Usage Guidance
This skill is coherent enough to run a local GitHub-based bounty scan, but it overpromises features that are not implemented. Before installing or enabling it:
1) Inspect scanner.js yourself — it only uses the GitHub CLI (gh) and reads/writes ~/.bounty-scanner/*.
2) Understand that 'gh' network activity will use whatever GitHub auth is configured for your account; there are no declared secrets required by the skill.
3) Do not expect the advertised 50+ platform support, Telegram notifications, or paid tiers to work — those are documented but not implemented.
4) If you plan to run it on a schedule, run it first interactively and review the files it writes (seen.json, config.json).
5) Prefer running in an isolated/sandboxed account or VM if you are uncertain about running third-party code from an unknown source.
Capability Analysis
Type: OpenClaw Skill
Name: multi-bounty-scanner
Version: 1.0.0
The skill is a basic CLI tool designed to search for GitHub issues labeled 'bounty' using the GitHub CLI (`gh`). While the documentation in `README.md` and `SKILL.md` makes ambitious claims about supporting 50+ platforms and offering 'Pro' features, the actual implementation in `scanner.js` is limited to a single hardcoded GitHub search command. The use of `child_process.execSync` is safe as it does not interpolate user-controlled input into the shell command. There are no indicators of data exfiltration, malicious persistence, or prompt injection attacks.
Capability Assessment
Purpose & Capability
The README/SKILL.md promise scanning of 50+ bounty platforms, Telegram notifications, and paid tiers, but scanner.js only implements a GitHub scanner (other platforms return empty/mocks). The project advertises broad network integrations that are not implemented, which is an incoherent claim-to-capability mismatch.
Instruction Scope
Runtime instructions are mostly scoped to running the CLI, adding a cron job, and creating ~/.bounty-scanner/config.json. The scanner reads/writes only ~/.bounty-scanner/{config.json,seen.json} and invokes the GitHub CLI via execSync. There are no instructions to collect unrelated files or credentials, but the SKILL.md/README mention Telegram notifications (chatId) without any code that sends notifications or any declared env var for a Telegram token.
Install Mechanism
No install spec (instruction-only) and the suggested manual install (chmod +x, npm link) is conventional. Nothing is downloaded from arbitrary URLs or installed with an untrusted installer. Risk is low from installation mechanics.
Credentials
The code only relies on Node.js and the GitHub CLI (gh) and uses process.env.HOME to find config. No credentials or external tokens are required by the code. However, package.json lists 'gh' as a peerDependency (misuse — 'gh' is a CLI, not an npm package), and the documentation references Telegram notifications and paid tiers without declaring or using any notification tokens or credentials. Also, since the scanner shells out to 'gh', any GitHub authentication present in the user's environment (gh auth) will be used by the CLI — users should be aware.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user. It writes persistent state under ~/.bounty-scanner/seen.json and config.json (local user home only). That is expected for a scanner that tracks what it has seen, but users should be aware it will create and modify files in their HOME directory.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install multi-bounty-scanner
- After installation, invoke the skill by name or use /multi-bounty-scanner
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release of Multi-Platform Bounty Scanner:
- Automatically scans 50+ bug bounty and OSS bounty platforms for new opportunities.
- Supports filters for tech stack, minimum reward, and platform selection.
- Exports scan results to JSON; tracks seen bounties to only show new ones.
- Integrates with OpenClaw for daily automated scanning via cron.
- Initial implementation supports GitHub (with bounty label); more platforms coming soon.
- Free tier includes GitHub scanning; Pro tier for all platforms planned.
Frequently Asked Questions
What is Multi-Platform Bounty Scanner?
Automatically scan and filter new bug and OSS bounty opportunities across 50+ platforms by tech stack, reward, and difficulty with daily automation support. It is an AI Agent Skill for Claude Code / OpenClaw, with 338 downloads so far.
How do I install Multi-Platform Bounty Scanner?
Run "/install multi-bounty-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Multi-Platform Bounty Scanner free?
Yes, Multi-Platform Bounty Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Multi-Platform Bounty Scanner support?
Multi-Platform Bounty Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Multi-Platform Bounty Scanner?
It is built and maintained by dagangtj (@dagangtj); the current version is v1.0.0.