← 返回 Skills 市场

github-bounty-hunter-v2

Name: github-bounty-hunter-v2
Author: santosparra651-arch

作者 santosparra651-arch · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

171

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-bounty-hunter-v2

功能描述

Automatically search for low-competition GitHub bounty tasks (comments < 5) and generate a clean report with details and estimated difficulty.

使用说明 (SKILL.md)

GitHub Bounty Hunter 🎯💰

Automatically find low-competition bounty tasks on GitHub. Filter by number of comments to avoid crowded bounties and maximize your chance of getting accepted.

Features

🔍 Search open bounties with label:bounty and state:open
🎯 Low-competition filter - only shows bounties with \x3C N comments (default 5)
📊 Generate clean report with title, URL, comment count, difficulty estimation
⚡ Fast search via GitHub API
🎨 Sorted by competition level - least competition first

Installation

npx clawhub install github-bounty-hunter

Usage

Search for low-competition bounties:

npx github-bounty-hunter

Customize maximum comment count:

npx github-bounty-hunter 3

Output example:

=========================================
  GitHub Bounty Hunter - Search Results
=========================================

Found 5 low-competition bounties:

👉 Add transaction history page
   URL: `https://github.com/example/project/issues/6` 
   💬 Comments: 2 | 💪 Difficulty: Beginner

👉 FAQ & How It Works Page
   URL: `https://github.com/example/project/issues/264` 
   💬 Comments: 1 | 💪 Difficulty: Beginner

...

Requirements

Node.js 16+
GitHub API access (authenticated for higher rate limits)

How it works

This skill uses the GitHub Search API to find open issues with the bounty label, filters by comment count, sorts by least comments first, and outputs a clean report ready for you to pick your next bounty.

Perfect for:

Beginners looking for easy bounties
Bounty hunters who want less competition
Daily quick scans for new opportunities

Changelog

1.0.0

Initial release
Basic search and filtering
Report generation

安全使用建议

This skill appears coherent and straightforward, but take these precautions before installing/running: - Review the included scripts (already small and readable) — they only call api.github.com and print results. - The package/skill source is 'unknown'; if you plan to run npx github-bounty-hunter or install from a registry, verify the package publisher and checksum to avoid fetching a different package with malicious code. - If you need higher GitHub rate limits, the script must be edited to send an Authorization: token header (it currently does not read GITHUB_TOKEN). Don't paste secrets into third-party tools unless you trust the publisher. - Running the script requires Node.js and will make outbound HTTPS requests to api.github.com; run it from a non-privileged account and avoid running as root. - If you want stricter guarantees, request the publisher's repository/homepage or run the included script locally rather than via npx from an unknown registry.

功能分析

Type: OpenClaw Skill Name: github-bounty-hunter-v2 Version: 1.0.0 The skill bundle is a straightforward tool for searching GitHub issues with a 'bounty' label and low comment counts. The core logic in `scripts/search.js` uses the standard Node.js `https` module to query the public GitHub Search API and outputs a formatted report to the console without any evidence of data exfiltration, unauthorized file access, or malicious execution.

能力评估

✓ Purpose & Capability

Name/description align with the code: scripts/search.js builds a GitHub Search API query for label:bounty, filters by comment count, sorts results, and prints a report. No unrelated capabilities (cloud creds, filesystem scanning, or external endpoints) are present.

ℹ Instruction Scope

SKILL.md instructs running the included Node script via npx and documents expected behavior. The instructions and script only perform GitHub API GET requests and print a report — they do not read local files or exfiltrate data. Minor mismatch: SKILL.md mentions authenticated API access for higher rate limits but neither requires nor documents passing a token to the script.

ℹ Install Mechanism

No install spec is present (instruction-only skill), and the repo includes package.json and a runnable script. The example npx install/usage implies an npm-distributed package; no remote downloads or extract/install steps occur in the provided files. Verify registry provenance before running npx against an unknown package name.

ℹ Credentials

The skill requests no environment variables or credentials. This is proportionate to the included code (which makes unauthenticated API calls). However, SKILL.md suggests optional authenticated GitHub API access for higher rate limits — the script does not currently accept or document a GITHUB_TOKEN environment variable, so users expecting token-based auth would need to modify the script.

✓ Persistence & Privilege

Skill does not request persistent/always-on presence (always:false) and does not modify other skills or system-wide settings. It runs as a simple one-off CLI script with no privileged behavior.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-bounty-hunter-v2
安装完成后，直接呼叫该 Skill 的名称或使用 /github-bounty-hunter-v2 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release with streamlined Node.js-based bounty search. - Transitioned from a Python-based autonomous agent to a lightweight Node.js utility - Finds and reports low-competition GitHub bounty issues, filtering by comment count - Generates clean, sorted reports with bounty details and estimated difficulty - Removed prior automation features (proposal submission, payment management, etc.) - Simplified installation and usage via `npx` commands

元数据

Slug github-bounty-hunter-v2

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题