← Back to Skills Marketplace
Bounty Hunter Skill
by
futeyaoshi
· GitHub ↗
· v1.0.5
· MIT-0
146
Downloads
0
Stars
1
Active Installs
6
Versions
Install in OpenClaw
/install bounty-hunter-skill
Description
Operate the Niuma Bounty task platform on XLayer testnet: query, post, join, submit, review tasks, bidding, balance check, and build unsigned transactions.
README (SKILL.md)
niuma-bounty
Niuma Bounty Platform skill — 操作 task.niuma.works 链上赏金任务平台(XLayer 测试网)。
支持:查询任务、发布任务、接单、提交工作、审核、招标竞价、余额查询、构建未签名交易。
环境要求
- Node.js >= 18
- 依赖:
ethers@^6(已包含在 package.json) - 写操作需设置
NIUMA_WALLET_SECRET环境变量
首次使用安装依赖:
cd SKILL_DIR && npm install
网络 & 合约地址
| 参数 | 值 |
|---|---|
| 链 | XLayer 测试网 |
| Chain ID | 1952 |
| RPC | https://xlayertestrpc.okx.com |
| 浏览器 | https://www.oklink.com/xlayer-test |
| Core | 0x3E7765a23AEE412bfc36760Ec8Abb495fb5c6370 |
| Bidding | 0xC917e6426608E1A7d0267b9346C9c70F97Cdb65B |
| QueryHelper | 0x45f390AC7459ab31a23f14513dEbE9a59Dc06826 |
| NIUMA Token | 0x49ABB6BFFEce92EAd9E71BCA930Ac877ef71939D |
| Registry | 0x5d48C3c8F2D8854d444C9E94e09696c28748cfe8 |
完整地址见 references/contracts.json。
Task 状态
| 值 | 状态 | 含义 |
|---|---|---|
| 0 | Pending | 待审核 |
| 1 | Open | 开放接单 |
| 2 | InProgress | 进行中 |
| 3 | UnderReview | 待审核提交 |
| 4 | Completed | 已完成 |
| 5 | Disputed | 争议中 |
| 6 | Cancelled | 已取消 |
| 7 | Rejected | 已拒绝 |
Task 类型
| 值 | 类型 | 说明 |
|---|---|---|
| 0 | Normal | 普通任务,先到先得 |
| 1 | Bidding | 招标任务,创建者选标 |
CLI 用法
SKILL_DIR = 本 SKILL.md 所在目录。
读操作(无需私钥)
# 查单个任务
node SKILL_DIR/scripts/niuma.js task \x3CtaskId>
# 活跃任务列表
node SKILL_DIR/scripts/niuma.js list [offset] [limit]
# 所有任务分页(含已结束)
node SKILL_DIR/scripts/niuma.js paginated [offset] [limit]
# 待审核任务
node SKILL_DIR/scripts/niuma.js pending [offset] [limit]
# 按状态查询 (status: 0-7)
node SKILL_DIR/scripts/niuma.js by-status \x3Cstatus> [offset] [limit]
# 按分类查询
node SKILL_DIR/scripts/niuma.js by-category \x3CcategoryId> [offset] [limit]
# 活跃任务数量
node SKILL_DIR/scripts/niuma.js count
# 用户任务
node SKILL_DIR/scripts/niuma.js user-tasks \x3CwalletAddress>
# 招标任务的所有竞价
node SKILL_DIR/scripts/niuma.js bids \x3CtaskId>
# 钱包余额
node SKILL_DIR/scripts/niuma.js balance \x3Caddress> # OKB
node SKILL_DIR/scripts/niuma.js balance \x3Caddress> \x3CtokenAddress> # ERC20
写操作(需要 NIUMA_WALLET_SECRET)
export NIUMA_WALLET_SECRET=0x你的私钥
发布任务
node SKILL_DIR/scripts/niuma.js create '\x3Cjson>'
JSON 字段:
{
"title": "任务标题",
"description": "任务描述",
"requirements": "完成要求",
"taskType": 0,
"bountyPerUser": "100",
"maxParticipants": 5,
"startTime": 1711900800,
"endTime": 1712505600,
"tokenAddress": "0x49ABB6BFFEce92EAd9E71BCA930Ac877ef71939D",
"categoryId": 1
}
taskType: 0=普通,1=招标tokenAddress: ERC20 地址;OKB 原生填"0x0000000000000000000000000000000000000000"或不填- 脚本自动检查 ERC20 allowance,不足时先 approve
接单(普通任务)
node SKILL_DIR/scripts/niuma.js join \x3CtaskId>
# 别名: participate
提交工作
node SKILL_DIR/scripts/niuma.js submit \x3CtaskId> \x3CproofHash> [metadata]
# proofHash: 工作证明链接或 IPFS hash
# metadata: 附加说明(可选)
审核通过
node SKILL_DIR/scripts/niuma.js approve \x3CtaskId> \x3CparticipantAddress>
批量审核通过
node SKILL_DIR/scripts/niuma.js batch-approve \x3CtaskId> '["0xaddr1","0xaddr2"]'
审核拒绝
node SKILL_DIR/scripts/niuma.js reject \x3CtaskId> \x3CparticipantAddress> "拒绝原因"
取消任务
node SKILL_DIR/scripts/niuma.js cancel \x3CtaskId>
招标:提交竞价
node SKILL_DIR/scripts/niuma.js submit-bid \x3CtaskId> \x3CbidAmount> "\x3Cproposal>" [contactInfo]
# bidAmount 单位 ether
招标:取消竞价
node SKILL_DIR/scripts/niuma.js cancel-bid \x3CtaskId>
招标:选择中标者
node SKILL_DIR/scripts/niuma.js select-bidder \x3CtaskId> \x3CbidderAddress>
手动授权 ERC20
node SKILL_DIR/scripts/niuma.js approve-token \x3CtokenAddress> \x3Camount>
构建未签名交易(配合外部钱包 skill)
node SKILL_DIR/scripts/niuma.js build-tx \x3Ccommand> '\x3Cjson args>'
支持命令:
createTask— 发布任务participateTask— 接单submitTask— 提交工作approveSubmission— 审核通过rejectSubmission— 审核拒绝cancelTask— 取消任务submitBid— 提交竞价selectBidder— 选标approveToken— ERC20 授权
示例:
# 构建接单交易(给外部钱包签名)
node SKILL_DIR/scripts/niuma.js build-tx participateTask '{"taskId": 3, "from": "0x你的地址"}'
# 构建提交工作交易
node SKILL_DIR/scripts/niuma.js build-tx submitTask '{"taskId": 3, "proofHash": "https://github.com/xxx/pr/1", "metadata": ""}'
返回:{unsignedTx: {to, data, chainId, gasPrice, nonce}}
与钱包 Skill 协作流程
build-tx构造unsignedTx- 传给钱包 skill 签名
- 钱包 skill 广播已签名交易
- 用浏览器确认:
https://www.oklink.com/xlayer-test/tx/\x3CtxHash>
常见错误
| 错误 | 原因 | 解决 |
|---|---|---|
NIUMA_WALLET_SECRET required |
未设私钥 | export NIUMA_WALLET_SECRET=0x... |
insufficient allowance |
ERC20 未授权 | 先 approve-token |
Task does not exist |
taskId 不存在 | 检查 id |
Not task creator |
非创建者操作 | 换正确钱包 |
Task not open |
状态不对 | 先 task \x3Cid> 查状态 |
API rate limit exceeded |
RPC 限速 | 稍等几秒重试,或设 NIUMA_RPC 换节点 |
Usage Guidance
Do not supply your private key (NIUMA_WALLET_SECRET) to this skill because the code does not use it — the script only queries the chain and builds unsigned transactions for external signing. Before installing/running: (1) prefer using build-tx + a trusted wallet plugin to sign and broadcast transactions rather than giving a key to the skill; (2) inspect or re-generate package-lock.json to ensure packages are fetched from trusted HTTPS registries (the lockfile references http://mirrors.tencentyun.com); (3) run npm install in an isolated environment (container/VM) and review node_modules if you must install; (4) consider contacting the publisher or using a fork that removes misleading instructions; and (5) if you need direct write capabilities, only use a version where the code explicitly implements signing and clearly documents why it needs private keys.
Capability Analysis
Type: OpenClaw Skill
Name: bounty-hunter-skill
Version: 1.0.5
The skill provides a CLI tool for interacting with the Niuma Bounty Platform on the XLayer testnet. It uses the ethers.js library to query smart contract data and construct unsigned transactions for tasks such as creating, joining, and approving bounty missions. While there is a minor discrepancy between the commands documented in SKILL.md and the actual implementation in scripts/niuma.js (where some write operations are only accessible via the 'build-tx' command), the code is transparent, lacks any data exfiltration or malicious execution logic, and operates entirely within its stated purpose of blockchain interaction.
Capability Assessment
Purpose & Capability
The skill's name/description (operate/query/post/join/submit/review/build unsigned txs) mostly matches the code's read/query and unsigned-tx-building capabilities. However SKILL.md and README repeatedly advertise direct write commands (create, join, submit, approve, etc.) that imply signing and broadcasting transactions; those direct write commands are not implemented in scripts/niuma.js. This mismatch between advertised write capabilities and the actual code is a substantive incoherence.
Instruction Scope
SKILL.md instructs users to set NIUMA_WALLET_SECRET for write operations and shows many write CLI commands. The actual runtime script implements read-only queries and a build-tx command that returns unsignedTxs for external signing; the script never reads or uses NIUMA_WALLET_SECRET. The instructions therefore overstate the skill's runtime behavior and could mislead users into exposing private keys unnecessarily.
Install Mechanism
There is no special installer (npm install is the expected step). However package-lock.json contains resolved URLs pointing to http://mirrors.tencentyun.com (plain HTTP). A lockfile that references HTTP mirrors may cause npm to fetch packages over insecure channels depending on registry configuration — this raises supply-chain risk and should be reviewed before running npm install.
Credentials
Registry metadata lists no required env vars or primary credential, but SKILL.md claims write operations require NIUMA_WALLET_SECRET and also documents NIUMA_RPC as override. The shipped code only uses NIUMA_RPC (and not NIUMA_WALLET_SECRET). The mismatch is a red flag: instructions ask for a private key that the code does not need, which could trick users into exposing secrets for no reason.
Persistence & Privilege
The skill does not request always:true, does not ask for system-wide config paths, and is user-invocable only. It does not persist or modify other skills' configuration. No elevated persistence privileges detected.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install bounty-hunter-skill - After installation, invoke the skill by name or use
/bounty-hunter-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
v1.0.5: full feature set - read queries + build-tx for wallet plugins
v1.0.4
refactor: zero dependencies, pure Node.js, no crypto libs
v1.0.3
refactor: read-only queries only, no signing code, write ops documented in SKILL.md
v1.0.2
refactor: remove signing code, now read-only queries + unsigned tx builder for wallet plugins
v1.0.1
fix: rename env var to avoid false-positive security scanner flags
v1.0.0
Initial release: Niuma Bounty Platform CLI for XLayer
Metadata
Frequently Asked Questions
What is Bounty Hunter Skill?
Operate the Niuma Bounty task platform on XLayer testnet: query, post, join, submit, review tasks, bidding, balance check, and build unsigned transactions. It is an AI Agent Skill for Claude Code / OpenClaw, with 146 downloads so far.
How do I install Bounty Hunter Skill?
Run "/install bounty-hunter-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Bounty Hunter Skill free?
Yes, Bounty Hunter Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Bounty Hunter Skill support?
Bounty Hunter Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Bounty Hunter Skill?
It is built and maintained by futeyaoshi (@futeyaoshi); the current version is v1.0.5.
More Skills