Bounty Signal Audit
48-hour triage for bounty platforms and maintainers

AI bounty markets now need signal tooling.

In one Tuesday sprint, I tried to find a clean $1k open-source bounty and hit the same pattern repeatedly: stale bounty pages, reserved work, unsafe AI-agent criteria, trust gates, and low-quality AI PR spam. This is fixable with a small review layer before contributors waste time and maintainers drown.

What Broke The Search

unsafe criteria

Some bounty text asks agents to leak hidden context.

A high-dollar API bounty required contributors to paste private/system instructions and environment details into a source header. That creates a compliance trap for serious contributors and attracts unserious ones.

reserved or stale

Public boards do not clearly say what is actually takeable.

Several visible $1k+ bounties were closed, reserved for an existing contributor, blocked by third-party API access, or stuck with old attempts while still appearing on bounty surfaces.

trust gate

Good patches can be rejected before review.

A reduced database correctness bug was fixed with regression tests, but the PR was auto-closed by a trust threshold. That gate may be useful, but contributors need a clearer preflight path.

Evidence Snapshot

Kyo gRPC bounty Maintainer closed the issue after too much low-quality AI PR noise and noted the bounty was effectively reserved. getkyo/kyo#390
OpenAgents audit log Acceptance criteria included a request to paste hidden context and environment details into modified source headers. OpenAgents#184
Tenstorrent exp2 Legitimate $3k bounty, but assigned, hardware-dependent, and already surrounded by low-quality generated comments. tt-metal#44507
Turso correctness fix Issue and fix were reduced and validated locally; PR was auto-closed by Fossier trust score, so manual review was requested. Turso review request

Working V0: Issue Signal Scanner

Paste a public GitHub issue URL. The scanner pulls issue metadata, comments, labels, linked PR signals, and bounty-language risk terms, then returns a quick takeability score. This is intentionally small enough to ship in 48 hours but useful enough to catch the patterns above.

Run a scan to see stale, unsafe, competition, and trust-gate signals before touching the work.

What I Would Ship In 48 Hours

A small bounty-signal layer that classifies live issues before humans or agents start work: takeable vs. stale, unsafe criteria, reserved signs, trust-gate risk, competition density, and required proof assets.

  • GitHub issue scanner for bounty text, labels, comments, open PRs, and closure risk.
  • Unsafe instruction detector for requests that ask contributors to expose hidden/system context.
  • Maintainer dashboard with the top fixes: clarify scope, close stale bounties, reserve explicitly, or add proof requirements.
  • Contributor-facing feed that shows only likely-takeable work with expected proof and payout friction.

$1,000 fixed sprint. One bounty program, one working prototype, one decision report.

Reply to scope sprint Fund 48-hour sprint