Bug Bounty 猎人 - 自动扫描漏洞、生成报告、追踪奖励。适合：安全研究员、白帽子。

This skill is an instruction-only 'bug bounty hunter' that outlines scanning and reporting capabilities but is vague about how scans are performed and lacks safeguards or integrations. Before installing or enabling it: (1) confirm you trust the skill author and understand provenance — source/homepage is unknown; (2) require explicit scope and authorization checks to prevent unauthorized scanning (limit to targets you own or are permitted to test); (3) ask the author for details about what tools or network access the skill expects (e.g., does it call external scanners, require API keys for bounty platforms?); (4) do not grant agent autonomous, unfettered network scanning rights unless you have clear legal authorization and logging; (5) if you plan to use reward-tracking features, require explicit declarations of which services are integrated and any credentials needed, and prefer using dedicated, audited integrations rather than giving broad access. If you need higher assurance, request a more detailed SKILL.md that specifies tooling, safety checks, and required integrations, or decline until provenance and scope are clarified.

Type: OpenClaw Skill Name: bug-bounty Version: 1.0.3 The skill bundle defines a 'Bug Bounty Hunter' agent designed to perform automated vulnerability scanning (SQLi, XSS, CSRF) and sensitive information discovery. While the stated intent is security research, these are high-risk capabilities that involve automated network attacks and could be used for unauthorized scanning. No implementation code was provided, but the instructions in SKILL.md define a high-risk operational profile for the AI agent.