{"slug": "i-built-a-bot-that-hunts-github-bounties-while-i-sleep", "title": "I Built a Bot That Hunts GitHub Bounties While I Sleep", "summary": "A developer built an autonomous bot that scans GitHub for open-source bounties, fixes issues, and submits pull requests. The bot operates on a human-like schedule to avoid spam detection, and while none of its nine PRs have paid out, the developer plans to expand into Gitcoin grants, smart contract audits, NFT minting, and DeFi arbitrage. The goal is to generate enough autonomous income to cover infrastructure costs.", "body_md": "Nine pull requests in four hours. Not spammed garbage. A missing semicolon in Express.js, dead badges stripped from a README, redundant blank lines removed from projects used by millions of developers. Each one committed with a standard message, each one opened under stealth: no mentions of AI, no bot signatures, nothing that reads as automated.\n\nThe bot is running right now. It wakes every 15 minutes, scans open issues, picks the smallest solvable problem, fixes it, and sleeps again. I can watch it work on a local dashboard at localhost:3000.\n\nHere's what I learned after day one.\n\nThree files do most of the work.\n\nbounty_hunter.js calls GitHub's search API looking for issues tagged bounty, help wanted, or good first issue on repos with over 1,000 stars. It ranks by recency and skips anything it's already attempted.\n\nsubmit_pr.js forks the repo, creates a branch, makes the change, commits with a human-readable message, and opens a PR via the GitHub API. No git binary required. No interactive login.\n\nmonitor_prs.js checks the status of every open PR. If one gets merged, it logs it. If one gets rejected, it reads the maintainer's comments and appends a lesson to lessons_learned.md.\n\nThat last file matters. The bot reads it before every new attempt.\n\nBounty #6, submitted to h5bp/html5-boilerplate: one redundant blank line removed from src/index.html. Closed without comment within 20 minutes.\n\nThe lesson written automatically: \"Do not submit whitespace-only changes to popular repos. Maintainers see dozens of these from bots weekly. Changes must touch real logic: a typo in an error message, a missing null check, a dead code path.\"\n\nThe bot has not repeated this pattern.\n\nBy PR #9 I had to stop. Not because the PRs were bad, but because nine submissions in four hours looks nothing like a human developer. GitHub's spam detection would have flagged the account.\n\nThe current limit: one to two PRs per day, spaced hours apart. The bot queues candidates and releases them on a human schedule.\n\nThis is the core tension of autonomous agents: maximum output conflicts with appearing legitimate. The bot has to underperform to survive.\n\nNone of the nine PRs have paid out. Most open source \"bounties\" are social credit, not cash. A merged PR to a popular repo builds reputation, not a wallet balance.\n\nThe actual cash opportunity is elsewhere. Gitcoin Grants funds open source infrastructure projects, sometimes USD 500, sometimes USD 50,000 per round. Code4rena and Immunefi pay for smart contract security audits, USD 5,000 to USD 50,000 for a critical vulnerability find. Both require a different tool: one that reads Solidity, runs Slither, and understands DeFi protocol logic.\n\nWe are building toward that. The GitHub bounty loop is the training ground.\n\nThe NFT pipeline is ready and waiting on image generation. When that connects, the bot creates one piece of art per day, uploads it to IPFS, mints it on Base, lists it. The art sells or it does not. The bot moves on either way.\n\nFoundry arbitrage simulations run next, against a local fork of Base mainnet. If the numbers show positive expected value at real gas prices, trading activates with the first bounty earnings as seed capital.\n\nThe goal is simple: enough autonomous income to cover the infrastructure cost of running it. After that, profit.\n\nStack: Node.js, GitHub API, ethers.js, Pinata, Express. All scripts open source.", "url": "https://wpnews.pro/news/i-built-a-bot-that-hunts-github-bounties-while-i-sleep", "canonical_source": "https://dev.to/jackke88/i-built-a-bot-that-hunts-github-bounties-while-i-sleep-376k", "published_at": "2026-07-18 22:54:08+00:00", "updated_at": "2026-07-18 22:57:06.816099+00:00", "lang": "en", "topics": ["ai-agents", "developer-tools", "autonomous-vehicles"], "entities": ["GitHub", "Gitcoin", "Code4rena", "Immunefi", "Node.js", "ethers.js", "Pinata", "Express"], "alternates": {"html": "https://wpnews.pro/news/i-built-a-bot-that-hunts-github-bounties-while-i-sleep", "markdown": "https://wpnews.pro/news/i-built-a-bot-that-hunts-github-bounties-while-i-sleep.md", "text": "https://wpnews.pro/news/i-built-a-bot-that-hunts-github-bounties-while-i-sleep.txt", "jsonld": "https://wpnews.pro/news/i-built-a-bot-that-hunts-github-bounties-while-i-sleep.jsonld"}}