← 返回 Skills 市场
Bounty Hunter Skill
作者
futeyaoshi
· GitHub ↗
· v1.0.5
· MIT-0
146
总下载
0
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install bounty-hunter-skill
功能描述
Operate the Niuma Bounty task platform on XLayer testnet: query, post, join, submit, review tasks, bidding, balance check, and build unsigned transactions.
使用说明 (SKILL.md)
niuma-bounty
Niuma Bounty Platform skill — 操作 task.niuma.works 链上赏金任务平台(XLayer 测试网)。
支持:查询任务、发布任务、接单、提交工作、审核、招标竞价、余额查询、构建未签名交易。
环境要求
- Node.js >= 18
- 依赖:
ethers@^6(已包含在 package.json) - 写操作需设置
NIUMA_WALLET_SECRET环境变量
首次使用安装依赖:
cd SKILL_DIR && npm install
网络 & 合约地址
| 参数 | 值 |
|---|---|
| 链 | XLayer 测试网 |
| Chain ID | 1952 |
| RPC | https://xlayertestrpc.okx.com |
| 浏览器 | https://www.oklink.com/xlayer-test |
| Core | 0x3E7765a23AEE412bfc36760Ec8Abb495fb5c6370 |
| Bidding | 0xC917e6426608E1A7d0267b9346C9c70F97Cdb65B |
| QueryHelper | 0x45f390AC7459ab31a23f14513dEbE9a59Dc06826 |
| NIUMA Token | 0x49ABB6BFFEce92EAd9E71BCA930Ac877ef71939D |
| Registry | 0x5d48C3c8F2D8854d444C9E94e09696c28748cfe8 |
完整地址见 references/contracts.json。
Task 状态
| 值 | 状态 | 含义 |
|---|---|---|
| 0 | Pending | 待审核 |
| 1 | Open | 开放接单 |
| 2 | InProgress | 进行中 |
| 3 | UnderReview | 待审核提交 |
| 4 | Completed | 已完成 |
| 5 | Disputed | 争议中 |
| 6 | Cancelled | 已取消 |
| 7 | Rejected | 已拒绝 |
Task 类型
| 值 | 类型 | 说明 |
|---|---|---|
| 0 | Normal | 普通任务,先到先得 |
| 1 | Bidding | 招标任务,创建者选标 |
CLI 用法
SKILL_DIR = 本 SKILL.md 所在目录。
读操作(无需私钥)
# 查单个任务
node SKILL_DIR/scripts/niuma.js task \x3CtaskId>
# 活跃任务列表
node SKILL_DIR/scripts/niuma.js list [offset] [limit]
# 所有任务分页(含已结束)
node SKILL_DIR/scripts/niuma.js paginated [offset] [limit]
# 待审核任务
node SKILL_DIR/scripts/niuma.js pending [offset] [limit]
# 按状态查询 (status: 0-7)
node SKILL_DIR/scripts/niuma.js by-status \x3Cstatus> [offset] [limit]
# 按分类查询
node SKILL_DIR/scripts/niuma.js by-category \x3CcategoryId> [offset] [limit]
# 活跃任务数量
node SKILL_DIR/scripts/niuma.js count
# 用户任务
node SKILL_DIR/scripts/niuma.js user-tasks \x3CwalletAddress>
# 招标任务的所有竞价
node SKILL_DIR/scripts/niuma.js bids \x3CtaskId>
# 钱包余额
node SKILL_DIR/scripts/niuma.js balance \x3Caddress> # OKB
node SKILL_DIR/scripts/niuma.js balance \x3Caddress> \x3CtokenAddress> # ERC20
写操作(需要 NIUMA_WALLET_SECRET)
export NIUMA_WALLET_SECRET=0x你的私钥
发布任务
node SKILL_DIR/scripts/niuma.js create '\x3Cjson>'
JSON 字段:
{
"title": "任务标题",
"description": "任务描述",
"requirements": "完成要求",
"taskType": 0,
"bountyPerUser": "100",
"maxParticipants": 5,
"startTime": 1711900800,
"endTime": 1712505600,
"tokenAddress": "0x49ABB6BFFEce92EAd9E71BCA930Ac877ef71939D",
"categoryId": 1
}
taskType: 0=普通,1=招标tokenAddress: ERC20 地址;OKB 原生填"0x0000000000000000000000000000000000000000"或不填- 脚本自动检查 ERC20 allowance,不足时先 approve
接单(普通任务)
node SKILL_DIR/scripts/niuma.js join \x3CtaskId>
# 别名: participate
提交工作
node SKILL_DIR/scripts/niuma.js submit \x3CtaskId> \x3CproofHash> [metadata]
# proofHash: 工作证明链接或 IPFS hash
# metadata: 附加说明(可选)
审核通过
node SKILL_DIR/scripts/niuma.js approve \x3CtaskId> \x3CparticipantAddress>
批量审核通过
node SKILL_DIR/scripts/niuma.js batch-approve \x3CtaskId> '["0xaddr1","0xaddr2"]'
审核拒绝
node SKILL_DIR/scripts/niuma.js reject \x3CtaskId> \x3CparticipantAddress> "拒绝原因"
取消任务
node SKILL_DIR/scripts/niuma.js cancel \x3CtaskId>
招标:提交竞价
node SKILL_DIR/scripts/niuma.js submit-bid \x3CtaskId> \x3CbidAmount> "\x3Cproposal>" [contactInfo]
# bidAmount 单位 ether
招标:取消竞价
node SKILL_DIR/scripts/niuma.js cancel-bid \x3CtaskId>
招标:选择中标者
node SKILL_DIR/scripts/niuma.js select-bidder \x3CtaskId> \x3CbidderAddress>
手动授权 ERC20
node SKILL_DIR/scripts/niuma.js approve-token \x3CtokenAddress> \x3Camount>
构建未签名交易(配合外部钱包 skill)
node SKILL_DIR/scripts/niuma.js build-tx \x3Ccommand> '\x3Cjson args>'
支持命令:
createTask— 发布任务participateTask— 接单submitTask— 提交工作approveSubmission— 审核通过rejectSubmission— 审核拒绝cancelTask— 取消任务submitBid— 提交竞价selectBidder— 选标approveToken— ERC20 授权
示例:
# 构建接单交易(给外部钱包签名)
node SKILL_DIR/scripts/niuma.js build-tx participateTask '{"taskId": 3, "from": "0x你的地址"}'
# 构建提交工作交易
node SKILL_DIR/scripts/niuma.js build-tx submitTask '{"taskId": 3, "proofHash": "https://github.com/xxx/pr/1", "metadata": ""}'
返回:{unsignedTx: {to, data, chainId, gasPrice, nonce}}
与钱包 Skill 协作流程
build-tx构造unsignedTx- 传给钱包 skill 签名
- 钱包 skill 广播已签名交易
- 用浏览器确认:
https://www.oklink.com/xlayer-test/tx/\x3CtxHash>
常见错误
| 错误 | 原因 | 解决 |
|---|---|---|
NIUMA_WALLET_SECRET required |
未设私钥 | export NIUMA_WALLET_SECRET=0x... |
insufficient allowance |
ERC20 未授权 | 先 approve-token |
Task does not exist |
taskId 不存在 | 检查 id |
Not task creator |
非创建者操作 | 换正确钱包 |
Task not open |
状态不对 | 先 task \x3Cid> 查状态 |
API rate limit exceeded |
RPC 限速 | 稍等几秒重试,或设 NIUMA_RPC 换节点 |
安全使用建议
Do not supply your private key (NIUMA_WALLET_SECRET) to this skill because the code does not use it — the script only queries the chain and builds unsigned transactions for external signing. Before installing/running: (1) prefer using build-tx + a trusted wallet plugin to sign and broadcast transactions rather than giving a key to the skill; (2) inspect or re-generate package-lock.json to ensure packages are fetched from trusted HTTPS registries (the lockfile references http://mirrors.tencentyun.com); (3) run npm install in an isolated environment (container/VM) and review node_modules if you must install; (4) consider contacting the publisher or using a fork that removes misleading instructions; and (5) if you need direct write capabilities, only use a version where the code explicitly implements signing and clearly documents why it needs private keys.
功能分析
Type: OpenClaw Skill
Name: bounty-hunter-skill
Version: 1.0.5
The skill provides a CLI tool for interacting with the Niuma Bounty Platform on the XLayer testnet. It uses the ethers.js library to query smart contract data and construct unsigned transactions for tasks such as creating, joining, and approving bounty missions. While there is a minor discrepancy between the commands documented in SKILL.md and the actual implementation in scripts/niuma.js (where some write operations are only accessible via the 'build-tx' command), the code is transparent, lacks any data exfiltration or malicious execution logic, and operates entirely within its stated purpose of blockchain interaction.
能力评估
Purpose & Capability
The skill's name/description (operate/query/post/join/submit/review/build unsigned txs) mostly matches the code's read/query and unsigned-tx-building capabilities. However SKILL.md and README repeatedly advertise direct write commands (create, join, submit, approve, etc.) that imply signing and broadcasting transactions; those direct write commands are not implemented in scripts/niuma.js. This mismatch between advertised write capabilities and the actual code is a substantive incoherence.
Instruction Scope
SKILL.md instructs users to set NIUMA_WALLET_SECRET for write operations and shows many write CLI commands. The actual runtime script implements read-only queries and a build-tx command that returns unsignedTxs for external signing; the script never reads or uses NIUMA_WALLET_SECRET. The instructions therefore overstate the skill's runtime behavior and could mislead users into exposing private keys unnecessarily.
Install Mechanism
There is no special installer (npm install is the expected step). However package-lock.json contains resolved URLs pointing to http://mirrors.tencentyun.com (plain HTTP). A lockfile that references HTTP mirrors may cause npm to fetch packages over insecure channels depending on registry configuration — this raises supply-chain risk and should be reviewed before running npm install.
Credentials
Registry metadata lists no required env vars or primary credential, but SKILL.md claims write operations require NIUMA_WALLET_SECRET and also documents NIUMA_RPC as override. The shipped code only uses NIUMA_RPC (and not NIUMA_WALLET_SECRET). The mismatch is a red flag: instructions ask for a private key that the code does not need, which could trick users into exposing secrets for no reason.
Persistence & Privilege
The skill does not request always:true, does not ask for system-wide config paths, and is user-invocable only. It does not persist or modify other skills' configuration. No elevated persistence privileges detected.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bounty-hunter-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/bounty-hunter-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
v1.0.5: full feature set - read queries + build-tx for wallet plugins
v1.0.4
refactor: zero dependencies, pure Node.js, no crypto libs
v1.0.3
refactor: read-only queries only, no signing code, write ops documented in SKILL.md
v1.0.2
refactor: remove signing code, now read-only queries + unsigned tx builder for wallet plugins
v1.0.1
fix: rename env var to avoid false-positive security scanner flags
v1.0.0
Initial release: Niuma Bounty Platform CLI for XLayer
元数据
常见问题
Bounty Hunter Skill 是什么?
Operate the Niuma Bounty task platform on XLayer testnet: query, post, join, submit, review tasks, bidding, balance check, and build unsigned transactions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 146 次。
如何安装 Bounty Hunter Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bounty-hunter-skill」即可一键安装,无需额外配置。
Bounty Hunter Skill 是免费的吗?
是的,Bounty Hunter Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Bounty Hunter Skill 支持哪些平台?
Bounty Hunter Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Bounty Hunter Skill?
由 futeyaoshi(@futeyaoshi)开发并维护,当前版本 v1.0.5。
推荐 Skills