← 返回 Skills 市场
RustChain Bounty Hunter-v2-1
作者
santosparra651-arch
· GitHub ↗
· v1.0.0
· MIT-0
117
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install rustchain-bounty-hunter-v2-1
功能描述
Automates RustChain bounty hunting by coding, testing, and preparing PRs for low-competition issues with full test coverage and bonus claims.
安全使用建议
This skill is missing critical, expected details for its claimed actions. Before installing or using it:
- Don’t hand over high-privilege credentials (GitHub tokens with broad repo write access or any private keys/wallet seeds). If you must provide a token, create a scoped, short-lived token limited to a single fork and repository and prefer read-only where possible.
- Ask the author how the skill authenticates and what exact permissions it needs (git/GH CLI? OAuth flow? repo scope? wallet signing?). Require a clear list of required env vars and binaries.
- Demand transparency: request examples of the exact commands it will run, where tests execute, and how it prepares PRs (drafts only? pushes to a fork?). Prefer an approach where the agent prepares a local branch/patch that you review and push yourself.
- Avoid providing private keys or wallet seeds. For claiming on-chain rewards, prefer a manual signing workflow or use a hardware wallet/transaction relay you control.
- Test in a sandbox/fork with no valuable access first. Review all diffs produced by the skill before merging or pushing to main repos.
- If you want a stronger assurance, ask the publisher for source code or a reproducible runbook so an auditor can verify there is no hidden exfiltration or undisclosed network calls.
Given the inconsistencies, treat this skill as untrusted until the author documents exactly how repository and on-chain interactions are performed and which credentials are required.
功能分析
Type: OpenClaw Skill
Name: rustchain-bounty-hunter-v2-1
Version: 1.0.0
The skill bundle contains only metadata and documentation (SKILL.md) for automating software development tasks related to 'RustChain' bounties. It lacks any executable code, scripts, or instructions that would lead to data exfiltration, unauthorized access, or malicious system modifications. The instructions are focused on legitimate development activities like coding, testing, and creating pull requests.
能力评估
Purpose & Capability
The skill claims end-to-end bounty work including pushing to your fork, preparing PRs, and claiming bonus RTC (on-chain rewards). Those actions normally require git and GitHub credentials (or GH CLI), plus possibly wallet/private keys for claiming tokens. Yet the skill declares no required binaries, environment variables, or config paths. That mismatch suggests the skill is omitting critical capabilities/requirements.
Instruction Scope
SKILL.md is high-level and open-ended: it instructs the agent to 'handle coding, testing, pushing to your fork, and prepare the PR' but provides no concrete operational limits (which repos, what auth, where tests run). The agent would need to read and modify repository files and potentially use a wallet to claim rewards; those data access steps are not constrained or documented, granting broad discretion that could be abused or cause accidental exposure.
Install Mechanism
Instruction-only skill with no install spec or code files. This minimizes on-disk installation risk because nothing is downloaded or written by the skill itself.
Credentials
No environment variables, credentials, or config paths are declared, yet the described functionality implies the need for: a GitHub token (repo write / push / PR), git/GH CLI binary access, and potentially private keys/wallet credentials to claim RTC. The absence of declared credentials is disproportionate and unexplained.
Persistence & Privilege
always is false (good). The skill allows normal autonomous invocation (platform default). Combined with the other concerns (silent credential needs and broad file/repo access), autonomous invocation could increase risk, but by itself the persistence/privilege settings are not the primary issue.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rustchain-bounty-hunter-v2-1 - 安装完成后,直接呼叫该 Skill 的名称或使用
/rustchain-bounty-hunter-v2-1触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Automates RustChain bounty workflows, from analyzing requirements to preparing ready-to-merge PRs.
- Finds low-competition bounties and generates complete working code.
- Follows project coding conventions and provides a full test suite for new features.
- Prepares PRs with detailed descriptions matching bounty requirements.
- Includes support for claiming bonus features for extra RTC.
- Simple user flow: specify bounty, receive a prepared, tested PR ready to submit.
元数据
常见问题
RustChain Bounty Hunter-v2-1 是什么?
Automates RustChain bounty hunting by coding, testing, and preparing PRs for low-competition issues with full test coverage and bonus claims. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 117 次。
如何安装 RustChain Bounty Hunter-v2-1?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rustchain-bounty-hunter-v2-1」即可一键安装,无需额外配置。
RustChain Bounty Hunter-v2-1 是免费的吗?
是的,RustChain Bounty Hunter-v2-1 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
RustChain Bounty Hunter-v2-1 支持哪些平台?
RustChain Bounty Hunter-v2-1 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 RustChain Bounty Hunter-v2-1?
由 santosparra651-arch(@santosparra651-arch)开发并维护,当前版本 v1.0.0。
推荐 Skills