
Github Bounty Finder

Author: lvjunjie-byte · GitHub · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
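Total downloads: 251 · Favorites: 0 · Current installs: 1 · Versions: 2
Install in OpenClaw
/install github-bounty-finder
Description
Automatically scans and analyzes bounty labels in GitHub Issues, recommends high-value, low-competition open-source bounty opportunities, and supports status tracking and reminders.
Usage instructions (SKILL.md)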

GitHub Bounty Finder Skill

🎯 Find high-value GitHub and Algora bounties with automated competition analysis

Description

GitHub Bounty Finder is a powerful scanning tool that helps developers discover lucrative bounty opportunities on GitHub and Algora. It automatically analyzes competition levels, scores opportunities, and provides actionable recommendations.

Features

  • 🔍 Multi-Platform Scanning: Scan both GitHub Issues and Algora bounties
  • 📊 Competition Analysis: Analyze PR counts, comments, and engagement
  • 🎯 Smart Filtering: Auto-filter low-competition, high-value opportunities
  • 💰 Opportunity Scoring: 0-100 scoring algorithm based on value, competition, and freshness
  • 🤖 Automated Recommendations: Get actionable insights for each bounty
  • 📈 Pricing Intelligence: Market-based pricing recommendations

Installation

# Install via clawhub
clawhub install github-bounty-finder

# Or install manually
cd skills/github-bounty-finder
npm install

Configuration

Create a .env file in the skill directory:

GITHUB_TOKEN=your_github_personal_access_token
ALGORA_API_KEY=your_algora_api_key

Getting API Keys

  1. GitHub Token:

    • Go to GitHub Settings → Developer settings → Personal access tokens
    • Create a token with public_repo scope
  2. Algora API Key:

Usage

Basic Scan

github-bounty-finder scan

Advanced Options

# Custom search query
github-bounty-finder scan --query "bug bounty"

# Set minimum bounty amount
github-bounty-finder scan --min-bounty 500

# Limit competition (max comments)
github-bounty-finder scan --max-competition 3

# GitHub only
github-bounty-finder scan --github-only

# Save results to file
github-bounty-finder scan --output results.json

Demo Mode

github-bounty-finder demo

Check Configuration

github-bounty-finder config

Output Format

The scanner returns structured data:

{
  "bounties": [
    {
      "id": 123,
      "title": "Fix memory leak",
      "url": "https://github.com/...",
      "bountyAmount": 1500,
      "comments": 0,
      "score": 95,
      "competitionLevel": "None",
      "recommendedAction": "🔥 HIGH PRIORITY - Apply immediately"
    }
  ],
  "totalFound": 25,
  "highPriority": 5,
  "goodOpportunities": 12,
  "pricingRecommendation": {
    "recommendedPrice": 149,
    "currency": "USD",
    "billingCycle": "monthly"
  }
}

Opportunity Scoring Algorithm

Scores are calculated based on:

  • Bounty Value (0-30 points): Higher bounties score better

    • $1000+: +30 points
    • $500+: +20 points
    • $200+: +10 points
  • Competition Level (0-40 points): Less competition is better

    • 0 comments: +40 points
    • 1-2 comments: +30 points
    • 3-5 comments: +20 points
    • 6-10 comments: +10 points
  • Freshness (0-20 points): Newer is better

    • ≤3 days: +20 points
    • ≤7 days: +15 points
    • ≤14 days: +10 points
    • ≤30 days: +5 points

Pricing Strategy

Recommended Price: $149/month

Justification:

  • Average bounty value: $500-2000
  • Time saved: 10-20 hours/week on manual searching
  • ROI: One successful bounty covers 3-6 months subscription
  • Target market: Professional developers, bounty hunters, OSS contributors

Expected Revenue: $3,000-8,000/month

  • Conservative: 20 subscribers × $149 = $2,980/month
  • Target: 50 subscribers × $149 = $7,450/month
  • Optimistic: 100 subscribers × $149 = $14,900/month

Integration Examples

Node.js

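const BountyScanner = require('github-bounty-finder');

// Filter thresholds: minimum bounty amount and maximum competition (comments)
const scanner = new BountyScanner({
  minBounty: 200,
  maxCompetition: 5
});

// CommonJS modules do not allow top-level await, so run the scan inside an async function
async function main() {
  const results = await scanner.scan({
    github: true,
    algora: true,
    limit: 100
  });

  console.log(`Found ${results.highPriority} high-priority bounties!`);
}

main().catch((err) => {
  console.error(err);
  process.exit(1);
});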

CLI Automation

# Daily scan with cron
0 9 * * * github-bounty-finder scan --min-bounty 500 --output /path/to/results.json

Troubleshooting

API Rate Limits

If you hit GitHub API rate limits:

  • Use authenticated requests (set GITHUB_TOKEN)
  • Reduce scan frequency
  • Increase delay between requests

No Results Found

  • Lower your --min-bounty threshold
  • Increase --max-competition limit
  • Try different search queries

License

MIT

Support

For issues and feature requests, visit the GitHub repository.


Made with 🐉 by OpenClaw Skills

Security usage recommendations
This skill otherwise appears to do what it claims (scan GitHub and Algora for bounties). Before installing:

  1. Note the registry metadata omission: you must supply a GitHub personal access token and an Algora API key (SKILL.md explains this).
  2. Use a token with minimal scopes (public_repo as suggested) and avoid reusing a high-privilege token; store it in a directory-local .env or a secrets manager and rotate it if needed.
  3. Review the referenced repository URL and author if you need provenance; run npm install in an isolated environment (or scan packages) before running.
  4. Because the package performs network requests, verify you're comfortable with it making API calls to api.github.com and api.algora.io.
  5. If you want stronger assurance, inspect the published repository (or run npm audit) and consider running the tool inside a container or VM so credentials are easier to isolate.

The main actionable issue is the metadata/documentation mismatch. Treat that as a red flag and confirm credentials and origin before use.
Functional analysis
Type: OpenClaw Skill
Name: github-bounty-finder
Version: 1.0.1

The GitHub Bounty Finder skill is a functional tool designed to scan GitHub and Algora for bounty opportunities. The code in src/scanner.js and bin/cli.js uses standard libraries (axios, commander) to interact with official APIs and perform scoring based on bounty value and competition. While the documentation and code include unusual business-oriented logic for 'pricing recommendations' and revenue projections, there is no evidence of malicious intent, data exfiltration, or unauthorized command execution.
Capability assessment
Purpose & Capability
The skill's code and SKILL.md clearly require a GITHUB_TOKEN and an ALGORA_API_KEY for its stated purpose (scanning GitHub and Algora). However, the registry metadata lists no required environment variables or primary credential. This mismatch is an incoherence: anyone running the scanner legitimately needs those tokens, so the metadata should declare them.
Instruction Scope
SKILL.md and bin/cli.js keep instructions focused on scanning GitHub/Algora, creating a local .env file, and running the CLI. The runtime instructions and code only read environment variables (GITHUB_TOKEN, ALGORA_API_KEY), query GitHub/Algora APIs, extract bounty amounts from issue bodies, and produce JSON output. There are no instructions to read unrelated files, access unrelated credentials, or send data to unexpected external endpoints.
Install Mechanism
There is no separate install spec provided by the registry (instruction-only claim), but the package includes package.json with typical dependencies (axios, node-fetch, chalk, commander, dotenv). No downloads from untrusted URLs or extract-from-URL steps are present. The presence of code files means installing (npm install) will pull dependencies from npm; that's expected but should be done in a trusted/isolated environment. Minor oddity: both axios and node-fetch are listed (redundant but not malicious).
Credentials
The only environment values accessed by the code are GITHUB_TOKEN and ALGORA_API_KEY, which are proportionate to the stated functionality. However, the registry metadata claimed 'Required env vars: none' while SKILL.md and code ask the user to create a .env with both tokens. This omission in metadata is a security/usability concern because users may not realize credentials are required or needed to run authenticated scans.
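The mismatch described under Purpose & Capability and Credentials can be checked mechanically before installing a skill. The following is an added example, not code from the skill or the registry: it lists the environment variables a package's source reads and compares them with what the metadata declares. The `requiredEnv` field name and the sample file contents are assumptions constructed for illustration.

```javascript
// Added example: compare the env vars a skill's code reads with what its
// registry metadata declares. All sample inputs below are constructed.

// Matches process.env.NAME and process.env['NAME'] / process.env["NAME"].
const ENV_REF = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([^'"]+)['"]\s*\])/g;

// Return the set of environment variable names referenced in one source text.
function findEnvVars(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] || m[2]);
  return names;
}

// declared: array of names from registry metadata (hypothetical field).
// sources: { filename: sourceText }. Arrays are sorted for stable output.
function auditDeclaredEnv(declared, sources) {
  const used = new Map(); // name -> files that read it
  for (const [file, text] of Object.entries(sources)) {
    for (const name of findEnvVars(text)) {
      if (!used.has(name)) used.set(name, []);
      used.get(name).push(file);
    }
  }
  const declaredSet = new Set(declared);
  const undeclared = [...used.keys()].filter((n) => !declaredSet.has(n)).sort();
  const unused = declared.filter((n) => !used.has(n)).sort();
  return { undeclared, unused, readBy: Object.fromEntries(used) };
}

// Constructed stand-ins for the skill's files (not the real source code).
const sampleSources = {
  'src/scanner.js':
    "const gh = process.env.GITHUB_TOKEN;\nconst al = process.env['ALGORA_API_KEY'];",
  'bin/cli.js':
    "require('dotenv').config();\nif (!process.env.GITHUB_TOKEN) console.warn('no token');",
};
const sampleMetadata = { requiredEnv: [] }; // mirrors "Required env vars: none"

const report = auditDeclaredEnv(sampleMetadata.requiredEnv, sampleSources);
console.log(report.undeclared.length ? 'MISMATCH' : 'OK', report);
```

The regular expression only catches literal property access; destructuring (`const { GITHUB_TOKEN } = process.env`) and computed keys need a parser-based check.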
Persistence & Privilege
The skill does not request persistent/privileged platform presence (always: false). It does not modify other skills or system-wide agent settings. It runs as a CLI library and only uses environment variables and outbound API calls; autonomous invocation settings are default and unremarkable.
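How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install github-bounty-finder
  3. Once installation completes, invoke the Skill by name or trigger it with /github-bounty-finder
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history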
v1.0.1
Initial release - GitHub & Algora bounty scanner
v1.0.0
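GitHub-Bounty-Finder Skill 1.0.0 – Initial Release

  • Automatically scans GitHub Issues and identifies opportunities carrying a bounty label
  • Analyzes bounty amounts and the level of competition, and intelligently recommends high-value, low-competition tasks
  • Provides participant counts, skill-requirement match levels, and real-time tracking reminders
  • Supports command-line operations such as keyword triggers, repo analysis, and bounty tracking
  • Outputs a structured list including title, bounty amount, competitors, skill match, and other information

Metadata
Slug github-bounty-finder
Version 1.0.1
License MIT-0
Total installs 1
Current installs 1
Number of versions 2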
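Frequently asked questions

What is Github Bounty Finder?

It automatically scans and analyzes bounty labels in GitHub Issues, recommends high-value, low-competition open-source bounty opportunities, and supports status tracking and reminders. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 251 cumulative downloads to date.

How do I install Github Bounty Finder?

Run the command "/install github-bounty-finder" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Github Bounty Finder free?

Yes, Github Bounty Finder is completely free. It is released under the MIT-0 license and may be freely downloaded, installed, and used.

Which platforms does Github Bounty Finder support?

Github Bounty Finder runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Github Bounty Finder?

It is developed and maintained by lvjunjie-byte (@lvjunjie-byte); the current version is v1.0.1.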
