← Back to Skills Marketplace
Github Bounty Finder
by
lvjunjie-byte
· GitHub ↗
· v1.0.1
· MIT-0
251
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install github-bounty-finder
Description
自动扫描并分析GitHub Issues中的bounty标签,推荐高价值低竞争的开源奖励机会并支持状态追踪提醒。
README (SKILL.md)
GitHub Bounty Finder Skill
🎯 Find high-value GitHub and Algora bounties with automated competition analysis
Description
GitHub Bounty Finder is a powerful scanning tool that helps developers discover lucrative bounty opportunities on GitHub and Algora. It automatically analyzes competition levels, scores opportunities, and provides actionable recommendations.
Features
- 🔍 Multi-Platform Scanning: Scan both GitHub Issues and Algora bounties
- 📊 Competition Analysis: Analyze PR counts, comments, and engagement
- 🎯 Smart Filtering: Auto-filter low-competition, high-value opportunities
- 💰 Opportunity Scoring: 0-100 scoring algorithm based on value, competition, and freshness
- 🤖 Automated Recommendations: Get actionable insights for each bounty
- 📈 Pricing Intelligence: Market-based pricing recommendations
Installation
# Install via clawhub
clawhub install github-bounty-finder
# Or install manually
cd skills/github-bounty-finder
npm install
Configuration
Create a .env file in the skill directory:
GITHUB_TOKEN=your_github_personal_access_token
ALGORA_API_KEY=your_algora_api_key
Getting API Keys
-
GitHub Token:
- Go to GitHub Settings → Developer settings → Personal access tokens
- Create a token with
public_reposcope
-
Algora API Key:
- Visit https://algora.io/settings/api
- Generate a new API key
Usage
Basic Scan
github-bounty-finder scan
Advanced Options
# Custom search query
github-bounty-finder scan --query "bug bounty"
# Set minimum bounty amount
github-bounty-finder scan --min-bounty 500
# Limit competition (max comments)
github-bounty-finder scan --max-competition 3
# GitHub only
github-bounty-finder scan --github-only
# Save results to file
github-bounty-finder scan --output results.json
Demo Mode
github-bounty-finder demo
Check Configuration
github-bounty-finder config
Output Format
The scanner returns structured data:
{
"bounties": [
{
"id": 123,
"title": "Fix memory leak",
"url": "https://github.com/...",
"bountyAmount": 1500,
"comments": 0,
"score": 95,
"competitionLevel": "None",
"recommendedAction": "🔥 HIGH PRIORITY - Apply immediately"
}
],
"totalFound": 25,
"highPriority": 5,
"goodOpportunities": 12,
"pricingRecommendation": {
"recommendedPrice": 149,
"currency": "USD",
"billingCycle": "monthly"
}
}
Opportunity Scoring Algorithm
Scores are calculated based on:
-
Bounty Value (0-30 points): Higher bounties score better
- $1000+: +30 points
- $500+: +20 points
- $200+: +10 points
-
Competition Level (0-40 points): Less competition is better
- 0 comments: +40 points
- 1-2 comments: +30 points
- 3-5 comments: +20 points
- 6-10 comments: +10 points
-
Freshness (0-20 points): Newer is better
- ≤3 days: +20 points
- ≤7 days: +15 points
- ≤14 days: +10 points
- ≤30 days: +5 points
Pricing Strategy
Recommended Price: $149/month
Justification:
- Average bounty value: $500-2000
- Time saved: 10-20 hours/week on manual searching
- ROI: One successful bounty covers 3-6 months subscription
- Target market: Professional developers, bounty hunters, OSS contributors
Expected Revenue: $3,000-8,000/month
- Conservative: 20 subscribers × $149 = $2,980/month
- Target: 50 subscribers × $149 = $7,450/month
- Optimistic: 100 subscribers × $149 = $14,900/month
Integration Examples
Node.js
const BountyScanner = require('github-bounty-finder');
const scanner = new BountyScanner({
minBounty: 200,
maxCompetition: 5
});
const results = await scanner.scan({
github: true,
algora: true,
limit: 100
});
console.log(`Found ${results.highPriority} high-priority bounties!`);
CLI Automation
# Daily scan with cron
0 9 * * * github-bounty-finder scan --min-bounty 500 --output /path/to/results.json
Troubleshooting
API Rate Limits
If you hit GitHub API rate limits:
- Use authenticated requests (set GITHUB_TOKEN)
- Reduce scan frequency
- Increase delay between requests
No Results Found
- Lower your
--min-bountythreshold - Increase
--max-competitionlimit - Try different search queries
License
MIT
Support
For issues and feature requests, visit the GitHub repository.
Made with 🐉 by OpenClaw Skills
Usage Guidance
This skill otherwise appears to do what it claims (scan GitHub and Algora for bounties). Before installing: 1) Note the registry metadata omission — you must supply a GitHub personal access token and an Algora API key (SKILL.md explains this). 2) Use a token with minimal scopes (public_repo as suggested) and avoid reusing a high-privilege token; store it in a directory-local .env or a secrets manager and rotate it if needed. 3) Review the referenced repository URL and author if you need provenance; run npm install in an isolated environment (or scan packages) before running. 4) Because the package performs network requests, verify you’re comfortable with it making API calls to api.github.com and api.algora.io. 5) If you want stronger assurance, inspect the published repository (or run npm audit) and consider running the tool inside a container or VM so credentials are easier to isolate. The main actionable issue is the metadata/documentation mismatch — treat that as a red flag and confirm credentials and origin before use.
Capability Analysis
Type: OpenClaw Skill
Name: github-bounty-finder
Version: 1.0.1
The GitHub Bounty Finder skill is a functional tool designed to scan GitHub and Algora for bounty opportunities. The code in src/scanner.js and bin/cli.js uses standard libraries (axios, commander) to interact with official APIs and perform scoring based on bounty value and competition. While the documentation and code include unusual business-oriented logic for 'pricing recommendations' and revenue projections, there is no evidence of malicious intent, data exfiltration, or unauthorized command execution.
Capability Assessment
Purpose & Capability
The skill's code and SKILL.md clearly require a GITHUB_TOKEN and an ALGORA_API_KEY for its stated purpose (scanning GitHub and Algora). However, the registry metadata lists no required environment variables or primary credential. This mismatch is an incoherence: anyone running the scanner legitimately needs those tokens, so the metadata should declare them.
Instruction Scope
SKILL.md and bin/cli.js keep instructions focused on scanning GitHub/Algora, creating a local .env file, and running the CLI. The runtime instructions and code only read environment variables (GITHUB_TOKEN, ALGORA_API_KEY), query GitHub/Algora APIs, extract bounty amounts from issue bodies, and produce JSON output. There are no instructions to read unrelated files, access unrelated credentials, or send data to unexpected external endpoints.
Install Mechanism
There is no separate install spec provided by the registry (instruction-only claim), but the package includes package.json with typical dependencies (axios, node-fetch, chalk, commander, dotenv). No downloads from untrusted URLs or extract-from-URL steps are present. The presence of code files means installing (npm install) will pull dependencies from npm; that's expected but should be done in a trusted/isolated environment. Minor oddity: both axios and node-fetch are listed (redundant but not malicious).
Credentials
The only environment values accessed by the code are GITHUB_TOKEN and ALGORA_API_KEY, which are proportionate to the stated functionality. However, the registry metadata claimed 'Required env vars: none' while SKILL.md and code ask the user to create a .env with both tokens. This omission in metadata is a security/usability concern because users may not realize credentials are required or needed to run authenticated scans.
Persistence & Privilege
The skill does not request persistent/privileged platform presence (always: false). It does not modify other skills or system-wide agent settings. It runs as a CLI library and only uses environment variables and outbound API calls; autonomous invocation settings are default and unremarkable.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install github-bounty-finder - After installation, invoke the skill by name or use
/github-bounty-finder - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Initial release - GitHub & Algora bounty scanner
v1.0.0
GitHub-Bounty-Finder Skill 1.0.0 – Initial Release
- 自动扫描 GitHub Issues,识别带有 bounty 标签的机会
- 分析 bounty 奖励金额与参与竞争程度,智能推荐高价值低竞争任务
- 提供参与人数、技能要求的匹配度及实时追踪提醒功能
- 支持关键词触发、repo 分析、bounty 追踪等命令行操作
- 输出包含标题、奖励金额、竞争者、技能匹配等信息的结构化列表
Metadata
Frequently Asked Questions
What is Github Bounty Finder?
自动扫描并分析GitHub Issues中的bounty标签,推荐高价值低竞争的开源奖励机会并支持状态追踪提醒。 It is an AI Agent Skill for Claude Code / OpenClaw, with 251 downloads so far.
How do I install Github Bounty Finder?
Run "/install github-bounty-finder" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Github Bounty Finder free?
Yes, Github Bounty Finder is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Github Bounty Finder support?
Github Bounty Finder is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Github Bounty Finder?
It is built and maintained by lvjunjie-byte (@lvjunjie-byte); the current version is v1.0.1.
More Skills