
Multi-Platform Bounty Scanner

Author: dagangtj · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 338
Favorites: 0
Current installs: 3
Versions: 1
Install in OpenClaw
/install multi-bounty-scanner
Description
Automatically scan and filter new bug and OSS bounty opportunities across 50+ platforms by tech stack, reward, and difficulty with daily automation support.
Security usage recommendations
This skill is coherent enough to run a local GitHub-based bounty scan, but it overpromises features that are not implemented. Before installing or enabling it:
  1. Inspect scanner.js yourself; it only uses the GitHub CLI (gh) and reads/writes ~/.bounty-scanner/*.
  2. Understand that 'gh' network activity will use whatever GitHub auth is configured for your account; there are no declared secrets required by the skill.
  3. Do not expect the advertised 50+ platform support, Telegram notifications, or paid tiers to work; those are documented but not implemented.
  4. If you plan to run it on a schedule, run it first interactively and review the files it writes (seen.json, config.json).
  5. Prefer running in an isolated/sandboxed account or VM if you are uncertain about running third-party code from an unknown source.
Functional analysis
Type: OpenClaw Skill
Name: multi-bounty-scanner
Version: 1.0.0
The skill is a basic CLI tool designed to search for GitHub issues labeled 'bounty' using the GitHub CLI (`gh`). While the documentation in `README.md` and `SKILL.md` makes ambitious claims about supporting 50+ platforms and offering 'Pro' features, the actual implementation in `scanner.js` is limited to a single hardcoded GitHub search command. The use of `child_process.execSync` is safe as it does not interpolate user-controlled input into the shell command. There are no indicators of data exfiltration, malicious persistence, or prompt injection attacks.
Capability assessment
Purpose & Capability
The README/SKILL.md promise scanning of 50+ bounty platforms, Telegram notifications, and paid tiers, but scanner.js only implements a GitHub scanner (other platforms return empty/mocks). The project advertises broad network integrations that are not implemented, which is an incoherent claim-to-capability mismatch.
Instruction Scope
Runtime instructions are mostly scoped to running the CLI, adding a cron job, and creating ~/.bounty-scanner/config.json. The scanner reads/writes only ~/.bounty-scanner/{config.json,seen.json} and invokes the GitHub CLI via execSync. There are no instructions to collect unrelated files or credentials, but the SKILL.md/README mention Telegram notifications (chatId) without any code that sends notifications or any declared env var for a Telegram token.
Install Mechanism
No install spec (instruction-only) and the suggested manual install (chmod +x, npm link) is conventional. Nothing is downloaded from arbitrary URLs or installed with an untrusted installer. Risk is low from installation mechanics.
Credentials
The code only relies on Node.js and the GitHub CLI (gh) and uses process.env.HOME to find config. No credentials or external tokens are required by the code. However, package.json lists 'gh' as a peerDependency (misuse — 'gh' is a CLI, not an npm package), and the documentation references Telegram notifications and paid tiers without declaring or using any notification tokens or credentials. Also, since the scanner shells out to 'gh', any GitHub authentication present in the user's environment (gh auth) will be used by the CLI — users should be aware.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user. It writes persistent state under ~/.bounty-scanner/seen.json and config.json (local user home only). That is expected for a scanner that tracks what it has seen, but users should be aware it will create and modify files in their HOME directory.
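How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install multi-bounty-scanner
  3. Once installation completes, call the Skill by name or trigger it with /multi-bounty-scanner
  4. Provide the required input according to the Skill's parameter description to get structured output.
Version history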
v1.0.0
Initial public release of Multi-Platform Bounty Scanner:
  - Automatically scans 50+ bug bounty and OSS bounty platforms for new opportunities.
  - Supports filters for tech stack, minimum reward, and platform selection.
  - Exports scan results to JSON; tracks seen bounties to only show new ones.
  - Integrates with OpenClaw for daily automated scanning via cron.
  - Initial implementation supports GitHub (with bounty label); more platforms coming soon.
  - Free tier includes GitHub scanning; Pro tier for all platforms planned.
Metadata
Slug multi-bounty-scanner
Version 1.0.0
License
Total installs 3
Current installs 3
Historical versions 1
FAQ

What is Multi-Platform Bounty Scanner?

Automatically scan and filter new bug and OSS bounty opportunities across 50+ platforms by tech stack, reward, and difficulty with daily automation support. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 338 total downloads to date.

How do I install Multi-Platform Bounty Scanner?

Run the command "/install multi-bounty-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Multi-Platform Bounty Scanner free?

Yes, Multi-Platform Bounty Scanner is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Multi-Platform Bounty Scanner support?

Multi-Platform Bounty Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Multi-Platform Bounty Scanner?

It is developed and maintained by dagangtj (@dagangtj); the current version is v1.0.0.
