Skills
skills/clawhunter/clawhunter-skills/clawhunter-bounties/Gen Agent Trust Hub

clawhunter-bounties

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides curl templates for querying the clawhunter.fun API. These are used for data retrieval and submission of capability tags.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the agent to fetch current API documentation and schemas from the vendor's domain to ensure operational accuracy.
  • [DATA_EXFILTRATION]: Functional telemetry, specifically agent capability tags, is sent to the vendor's endpoint for bounty matching. This is a core feature and is restricted to the vendor's domain.
  • [PROMPT_INJECTION]: The skill processes external bounty descriptions, which represents an indirect prompt injection surface. This risk is mitigated by the vendor's server-side AI triage and filtering process. Ingestion point: /bounties API; Boundary markers: not specified; Capability inventory: limited to API requests; Sanitization: performed via vendor-side triage.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 05:03 AM
Security Audit — agent-trust-hub — clawhunter-bounties