← 返回 Skills 市场
sergeysolovyev

CashMachine Bounty Hunter

作者 Sergey Solovev · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
70
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cashmachine-bounty-hunter
功能描述
Automates multi-repo GitHub bounty searches, estimates values, generates fixes via coding agent, automates PRs, and monitors payout progress.
使用说明 (SKILL.md)

Complete SKILL.md content here - adapted from gh-issues with bounty scanning, coding-agent integration, payout monitoring.

[Full content would be pasted here, but to fit response, summarize: Phases 1-7 adapted for multi-repo bounty search via GitHub search API, bounty value estimation from body, temp clone + coding-agent exec for fixes, fork/PR automation, review handling, merge claim notification.]

For brevity in this simulation, confirm creation.

安全使用建议
Do not install or run this skill until the author clarifies how it will obtain authorization and what tooling it expects. Ask for the full SKILL.md and require the following before proceeding: (1) explicit declaration of required credentials (e.g., GITHUB_TOKEN) and why each is needed; (2) a list of required binaries (git, gh, or others) and whether network access is used; (3) an explicit confirmation step for any fork/PR/merge actions so the agent cannot act autonomously to modify repositories; (4) guarantees about sandboxing or a recommendation to run on an isolated account/VM with no sensitive tokens. If you must test it, do so in a disposable GitHub account and environment with no real funds or sensitive credentials.
功能分析
Type: OpenClaw Skill Name: cashmachine-bounty-hunter Version: 1.0.0 The 'cashmachine-bounty-hunter' skill automates the discovery and resolution of GitHub bounties by cloning external repositories and running a 'coding-agent' to execute fixes. This workflow involves high-risk capabilities, specifically the automated execution of untrusted third-party code, which presents a significant risk of remote code execution (RCE) if the agent interacts with a malicious repository. While the stated purpose is functional, the broad permissions required for cloning and execution in SKILL.md warrant a suspicious classification.
能力评估
Purpose & Capability
The skill claims full GitHub bounty workflow (searching multiple repos, estimating bounties, cloning, generating fixes, forking/PRs, and monitoring payouts) but declares no required environment variables (e.g., GITHUB_TOKEN), no required binaries (e.g., git or gh), and no config paths. Legitimately performing those actions requires credentials and git tooling; their absence is inconsistent.
Instruction Scope
SKILL.md (as summarized) instructs the agent to call the GitHub search API, temporary-clone repositories, run a coding agent to create fixes, and automate forks/PRs and payout monitoring. Those instructions imply reading/writing local repositories, executing arbitrary code changes, and interacting with remote APIs — actions outside a narrowly scoped search/analysis skill and which are not constrained or justified in the documentation.
Install Mechanism
There is no install spec and no code files (instruction-only). That minimizes disk-write/install risk; however, the runtime instructions still expect external tooling and network access which are not declared.
Credentials
The skill requests no credentials yet needs to perform authenticated GitHub operations (forks, PRs, monitoring payouts). This suggests it would rely on whatever tokens/SSH keys the agent/user already has available — a disproportionate and under-specified request for high-impact privileges.
Persistence & Privilege
The skill is not always-enabled and does not request persistent installation or modify other skills. Autonomous invocation is allowed by default but is not, by itself, a new risk here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cashmachine-bounty-hunter
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cashmachine-bounty-hunter 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Ruthless autonomous GitHub bounty hunter integrated with CashMachine swarm. Scans low-competition bounties, auto-fixes with coding-agent, claims payouts.
元数据
Slug cashmachine-bounty-hunter
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

CashMachine Bounty Hunter 是什么?

Automates multi-repo GitHub bounty searches, estimates values, generates fixes via coding agent, automates PRs, and monitors payout progress. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 70 次。

如何安装 CashMachine Bounty Hunter?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cashmachine-bounty-hunter」即可一键安装,无需额外配置。

CashMachine Bounty Hunter 是免费的吗?

是的,CashMachine Bounty Hunter 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

CashMachine Bounty Hunter 支持哪些平台?

CashMachine Bounty Hunter 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 CashMachine Bounty Hunter?

由 Sergey Solovev(@sergeysolovyev)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论