Official Verified developer tools Safety 3/5

bounty-hunter

Automated smart contract bug bounty hunting. Scans Immunefi/Code4rena targets with Slither static analysis, triages findings with local LLMs, and generates PoC templates. Zero API cost for scanning phase.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/chipp11/angus-bounty-hunter
What This Skill Does

The Bounty Hunter skill is an automated, high-efficiency assistant designed for smart contract bug bounty hunters. It streamlines the reconnaissance and discovery phases of auditing platforms like Immunefi and Code4rena. By leveraging Slither for static analysis and local LLMs for triage, the skill filters out noise to focus on high-impact vulnerabilities. It handles everything from repository cloning and solc version management to scaffolding Foundry-based Proof-of-Concept (PoC) templates, allowing security researchers to maximize their bounty yield without wasted manual effort.

Installation

To integrate Bounty Hunter into your OpenClaw environment, execute the following command in your terminal:

clawhub install openclaw/skills/skills/chipp11/angus-bounty-hunter

Install the following prerequisites for full functionality:

  • slither-analyzer
  • solc-select
  • Node.js
  • Ollama (highly recommended for local filtering)

Use Cases

  • Rapid Reconnaissance: Quickly scanning large repositories to identify low-hanging fruit in active bug bounty programs.
  • Efficient Triage: Reducing the time spent manually reviewing Slither output by using local LLMs to categorize and rank findings.
  • PoC Acceleration: Automatically generating boilerplate Foundry testing code for discovered vulnerabilities.
  • Scope Filtering: Identifying high-value targets based on program freshness and historical payout data.

Example Prompts

  1. "Bounty Hunter, scan the repository at https://github.com/example/protocol and filter for high-severity reentrancy issues."
  2. "Triage the output from my latest scan and ignore all false positives related to unused variables."
  3. "Generate a Foundry PoC template for the access control vulnerability identified in the staking contract at address 0x123..."
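The filtering that prompts 1 and 2 ask for can be approximated without any LLM by a deterministic pre-filter over Slither's JSON report. The sketch below is an added example, not the skill's own code; the `triage` function, its parameters, and the sample findings (contract and function names) are constructed for illustration and assume the `results.detectors[]` layout that `slither --json` writes.

```python
import json

# Constructed sample in the shape of a Slither JSON report
# (results.detectors[] entries with check / impact / confidence / description).
SAMPLE = json.dumps({"success": True, "error": None, "results": {"detectors": [
    {"check": "unused-state", "impact": "Informational", "confidence": "High",
     "description": "Staking.legacyRate is never used in Staking"},
    {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
     "description": "Reentrancy in Staking.withdraw(uint256)"},
    {"check": "reentrancy-benign", "impact": "Low", "confidence": "Medium",
     "description": "Reentrancy in Staking.sync()"},
    {"check": "arbitrary-send-eth", "impact": "High", "confidence": "Medium",
     "description": "Vault.sweep(address) sends eth to arbitrary user"},
]}})

RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0, "Optimization": 0}

def triage(report_json, min_impact="High", check_prefix=None, ignore=("unused-",)):
    """Return findings at or above min_impact, most severe and confident first."""
    report = json.loads(report_json)
    if not report.get("success"):
        raise ValueError(f"slither run failed: {report.get('error')}")
    # "detectors" may be absent when nothing was found; treat that as empty.
    findings = (report.get("results") or {}).get("detectors", [])
    kept = []
    for f in findings:
        check = f.get("check", "")
        if any(check.startswith(p) for p in ignore):
            continue  # noise classes the analyst asked to drop (prompt 2)
        if check_prefix and not check.startswith(check_prefix):
            continue  # restrict to one detector family (prompt 1)
        if RANK.get(f.get("impact"), 0) < RANK[min_impact]:
            continue
        kept.append(f)
    # Stable sort: equal-ranked findings keep the order Slither reported them in.
    kept.sort(key=lambda f: (RANK.get(f.get("impact"), 0),
                             RANK.get(f.get("confidence"), 0)), reverse=True)
    return kept

if __name__ == "__main__":
    for f in triage(SAMPLE, check_prefix="reentrancy"):
        print(f"[{f['impact']}/{f['confidence']}] {f['check']}: {f['description']}")
```

Findings that survive this filter still need manual verification; impact and confidence are Slither's own labels, not proof of exploitability.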

Tips & Limitations

  • Cost Efficiency: By performing static analysis locally and utilizing local LLMs for triage, you avoid expensive API calls for initial scanning phases. Only pipe critical findings to premium LLMs for deeper exploit analysis.
  • Focus: Do not spend more than one hour on a target without identifying a concrete lead.
  • Static Analysis: Remember that Slither is an excellent tool but can produce false positives. Always verify findings manually.
  • Solidity-Only: This skill is specifically optimized for Solidity-based repositories. It will not function for Vyper or other smart contract languages.

Metadata

Author: @chipp11
Stars: 3683
Views: 0
Updated: 2026-04-01

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-chipp11-angus-bounty-hunter": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#smart-contracts #security #auditing #web3 #vulnerability-scanner

Safety Score: 3/5

Flags: file-write, file-read, code-execution