Total downloads: 268
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install auto-bounty-hunter
Description
Automatically scan GitHub repositories for open issues with 0 comments, evaluate their value, claim them, and submit PRs. Automates the entire GitHub bounty...
Usage instructions (SKILL.md)
GitHub Bounty Hunter
Automate the entire GitHub bounty hunting workflow: scan for opportunities, evaluate value, claim issues, and submit PRs.
What This Skill Does
- Scans GitHub for 0-comment issues (first-mover advantage)
- Evaluates issue value and complexity
- Claims viable issues automatically
- Submits PRs with quality implementations
- Tracks submissions and monitors merge status
Usage
Quick Start
# Scan and process issues automatically
bash scripts/bounty_hunter.sh
Configuration
Edit scripts/config.sh to customize:
MIN_VALUE=10 # Minimum estimated value ($)
MAX_COMPLEXITY=5 # Max complexity (1-10 scale)
AUTO_CLAIM=true # Auto-claim issues
AUTO_SUBMIT=true # Auto-submit PRs
Automated Operation
Set up cron for continuous scanning:
# Every 30 minutes
*/30 * * * * bash ~/.openclaw/workspace/skills/github-bounty-hunter/scripts/bounty_hunter.sh
How It Works
- Discovery: Searches GitHub for `is:issue is:open comments:0`
- Filtering: Removes spam, duplicates, and low-value issues
- Evaluation: Scores based on:
  - Repository stars/activity
  - Issue clarity and scope
  - Estimated time to complete
  - Potential payout
- Claiming: Comments on issue to claim it
- Implementation: Generates solution and submits PR
- Tracking: Monitors PR status and merge events
Scripts
- bounty_hunter.sh - Main automation script
- config.sh - Configuration settings
- evaluator.sh - Issue value evaluation
- tracker.sh - PR status tracking
Best Practices
- Start with `AUTO_CLAIM=false` to review opportunities first
- Focus on repositories with clear contribution guidelines
- Maintain high PR quality to build reputation
- Track merge rate and adjust strategy
Revenue Potential
- Conservative: $50-200/month (5-10 merged PRs)
- Moderate: $200-500/month (10-25 merged PRs)
- Aggressive: $500-1000/month (25-50 merged PRs)
Success depends on:
- PR quality and merge rate
- Time invested
- Repository selection
- Market conditions
Security usage recommendations
This skill is inconsistent and should be treated cautiously. Key issues:
- (1) The code uses the GitHub CLI (gh) and jq and needs a GitHub-authenticated account to comment/claim/create PRs, but the registry declares no required binaries or credentials, so running it as-is will fail or may rely on preconfigured local credentials you didn't intend to use.
- (2) The SKILL.md promises full automation (claiming and submitting PRs), but the package is missing evaluator.sh and any PR-submission code; the implementation is incomplete.
Before installing or running:
- Do not schedule cron or enable autonomous runs until you review and test thoroughly.
- Require DRY_RUN=true and AUTO_CLAIM=false while auditing.
- Verify presence and provenance of gh and jq on the host; prefer installing them manually from official sources.
- Use a disposable or limited-scope GitHub account/token for testing (least privilege).
- Inspect or request the missing evaluator.sh and submission code to confirm what it would post to issues/PRs.
- Consider ethical and platform-policy implications: automated claiming/submitting across others' repos can violate contribution policies or be considered abusive.
If the author cannot explain the missing pieces and properly declare required credentials and binaries, do not run it.
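The pre-run checks recommended above can be scripted as an audit that runs before the skill is ever executed. This is an added example, not part of the skill package: the function names are hypothetical, and it assumes config.sh holds plain KEY=value lines as in the SKILL.md and that DRY_RUN is a config.sh key, as the recommendation implies.

```bash
#!/bin/sh
# Added example: pre-run audit of the skill's config, tools and cron state.
# Hypothetical helper names; assumes config.sh holds plain KEY=value lines.

cfg_value() {  # cfg_value FILE KEY: print the last value assigned to KEY
  # Parse instead of sourcing, so an unreviewed config file is never executed.
  sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" | tail -n 1 | tr -d "\"' \t"
}

audit_config() {  # audit_config FILE: one finding per line; status 1 if any
  findings=0
  [ "$(cfg_value "$1" DRY_RUN)" = "true" ] ||
    { echo "DRY_RUN is not true"; findings=$((findings + 1)); }
  [ "$(cfg_value "$1" AUTO_CLAIM)" = "false" ] ||
    { echo "AUTO_CLAIM is not false"; findings=$((findings + 1)); }
  # Extra check beyond the page's list: AUTO_SUBMIT also acts on other repos.
  [ "$(cfg_value "$1" AUTO_SUBMIT)" = "false" ] ||
    { echo "AUTO_SUBMIT is not false"; findings=$((findings + 1)); }
  [ "$findings" -eq 0 ]
}

audit_tools() {  # the registry declares no binaries, so check them here
  missing=0
  for bin in gh jq; do
    command -v "$bin" >/dev/null 2>&1 ||
      { echo "missing binary: $bin"; missing=1; }
  done
  [ "$missing" -eq 0 ]
}

audit_cron() {  # crontab text on stdin; flags active lines that run the skill
  if grep -v '^[[:space:]]*#' | grep -q 'bounty_hunter\.sh'; then
    echo "cron entry runs bounty_hunter.sh"
    return 1
  fi
}

preflight() {  # preflight CONFIG_FILE: status 0 only if every check passes
  rc=0
  audit_tools || rc=1
  audit_config "$1" || rc=1
  { crontab -l 2>/dev/null || true; } | audit_cron || rc=1
  # Show which GitHub identity gh would act as, to compare with the test account.
  if command -v gh >/dev/null 2>&1; then gh auth status || rc=1; fi
  return "$rc"
}

if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Run it as `sh preflight.sh scripts/config.sh`; a non-zero exit status means at least one recommendation is not met.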
Functional analysis
Type: OpenClaw Skill
Name: auto-bounty-hunter
Version: 1.0.0
The skill bundle provides a framework for automating the discovery and tracking of GitHub issues for open-source contributions. It uses the official GitHub CLI (`gh`) and `jq` to scan for issues with no comments, evaluate them based on repository popularity (stars), and maintain a local queue in `data/queue.json`. While the stated goal of 'bounty hunting' for passive income can be associated with low-quality automation, the provided scripts (`bounty_hunter.sh`, `tracker.sh`, `config.sh`) contain no evidence of malicious intent, data exfiltration, or unauthorized access.
Capability assessment
Purpose & Capability
The skill claims to fully automate discovery, claiming, and PR submission on GitHub. The scripts use the GitHub CLI (gh) and jq, and will need an authenticated GitHub identity to comment/claim/create PRs, yet the registry metadata declares no required binaries or credentials. That mismatch (no GH token or gh/jq declared) is disproportionate to the stated purpose and is incoherent.
Instruction Scope
SKILL.md instructs running the automation and setting up cron to run the script continuously and describes auto-claim/auto-submit behaviors. The actual code (bounty_hunter.sh and tracker.sh) implements scanning, evaluation scaffolding, and queueing, but there is no evaluator.sh or any submission/PR-creation implementation in the provided files—so the instructions promise actions the code does not implement. The scripts also will call gh to inspect repos and PRs and could comment/claim (if submission code were present), which is an externally impactful operation that requires explicit credential handling that is not declared.
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain install risk. However, the scripts rely on external binaries (gh, jq) and assume they are present and authenticated; those dependencies are not declared in the registry metadata or SKILL.md. That omission is a practical installation/operation gap the user must address before use.
Credentials
The scripts will require an authenticated GitHub identity (gh uses local auth or GH_TOKEN) to perform claims/comments/PR operations, but the skill declares no required environment variables or primary credential. Requiring GitHub credentials is proportionate to the purpose, but they must be explicitly declared and minimized; the absence of any declared credential is a red flag. Additionally, the skill writes data and logs into the user's workspace (queue/history/log), which is expected but worth noting.
Persistence & Privilege
The skill is not marked always:true. It can be invoked autonomously (platform default). Autonomous invocation plus the ability to perform external actions (comment/claim/PR on GitHub) increases blast radius if the missing credential handling or automation toggles are misconfigured; combine that with the other inconsistencies before enabling autonomous runs or cron scheduling.
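How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install auto-bounty-hunter
- After installation, invoke the Skill by name or trigger it with /auto-bounty-hunter
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history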
v1.0.0
Initial release: Fully automated GitHub bounty hunting system with scanning, evaluation, claiming, and PR submission
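FAQ
What is Auto Bounty Hunter?
Automatically scan GitHub repositories for open issues with 0 comments, evaluate their value, claim them, and submit PRs. Automates the entire GitHub bounty... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 268 cumulative downloads so far.
How do I install Auto Bounty Hunter?
Run the command "/install auto-bounty-hunter" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.
Is Auto Bounty Hunter free?
Yes, Auto Bounty Hunter is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Auto Bounty Hunter support?
Auto Bounty Hunter is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Auto Bounty Hunter?
It is developed and maintained by dagangtj (@dagangtj); the current version is v1.0.0.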