The $16.88 that wasn't
A tweet from @chatgpt21 showed an AI agent running 22 hours, finding a bounty, shipping a PR, and earning $16.88. 22M tokens spent. The thread declared "the loop works."
One developer wanted to replicate that on a $20 token budget with Claude as the agent. They picked Algora, an open-source bounty platform where maintainers attach dollar amounts to issues. 48 hours later: $0 earned, but a dataset more interesting than a win.
The setup
The plan: discover open bounties via Algora board or GitHub label search, pick a small issue in TS/Python/Go, let Claude clone the repo, attempt the fix, run tests, human review before PR. Budget hard-stop at $20. Safety rails: budget enforcement and human review.
30 minutes scaffolding. Claude driving: gh CLI, git, Edit, Bash.
First bounty: red flags
First candidate: archestra-ai/archestra#3859, $100 bounty on TypeScript. Two minutes of reading revealed:
- Yellow label "Reserved for SE interview" — only for hiring candidates.
- Maintainer banned a user @sumithkumar07 "for attempting to steal another user's bounty."
- Two PRs already submitted (#4311, #4613) plus a WIP from a third hunter.
Skipped.
That pattern held for every subsequent bounty.
The data: 80 issues, three buckets
The author built scout.py (a few hundred lines) to enumerate open Algora-labeled issues via gh search issues --label "💎 Bounty". It captures:
- Dollar amount (label-encoded like $50, $150)
- /attempt comments (how many raised hands)
- Assignees (maintainer picks)
- Open PRs linking to the issue (actual submissions)
- Days since last comment (staleness proxy)
First real scan: 80 fresh, non-junk bounty issues. Every single one fell into three buckets:
Bucket 1: $1 sandbox spam. A repo called UnsafeLabs/Bounty-Hunters posted ~30 issues in a day, all $1. Token cost exceeds reward. Skipped.
Bucket 2: Already saturated. Every legitimate $50–$1,000 bounty had 8–158 attempts within hours, and 8–10 open PRs. Sample:
| Repo | $ | /attempts | Open PRs |
|---|---|---|---|
| tscircuit/dsn-converter#54 | $170 | 158 | 10+ |
| tscircuit/schematic-trace-solver#29 | $100 | 52 | 10+ |
| tscircuit/jlcsearch#92 | $75 | 38 | 10+ |
| rohitdash08/FinMind#121 | $500 | 37 | 9 |
| rohitdash08/FinMind#132 | $200 | 26 | 8 |
| arakoodev/EdgeChains#290 | $50 | 20 | 10+ |
| archestra-ai/archestra#4468 | $25 | 9 | 3 |
You're not waiting on demand. You're the 11th PR into a queue the maintainer has been ignoring for a week.
Bucket 3: Assigned, untouched, locked. Example: archestra-ai/archestra#4461 — $50 bounty, maintainer said "@hunter, you're assigned, go ahead." Hunter silent for days. Two competing PRs closed within 24 hours without merge for muscling in. Official assignee silent three days after.
What broke the market
Agents are fast enough to claim a bounty within minutes of posting. Maintainer's review pipeline can't absorb 10 PRs per issue. They pick one, reject the rest. Expected value of being 11th PR: ~$0.
The original $16.88 win likely came from a private security/audit platform, not the public open-source firehose. Original thread comments mention "security platform" and "preserved payment boundaries" — HackerOne/Bugcrowd territory.
The tool: scout.py
Strategy shift: wait for agents to drop. Bounty hunters claim aggressively but follow through inconsistently. An issue assigned but no PR after 14+ days of silence might be abandoned.
scout.py runs in two passes:
- Pull 60–80 open bounty issues; filter rewarded, reserved, junk, out-of-range dollars.
- For each survivor: count /attempt comments, find linked PRs (open/closed/merged), measure days since last comment.
Flags a bounty as RIPE if: claimed, no open PR, quiet for 14+ days. Diffs against previous scan, tags 🆕 NEW ripe candidates.
Scanned three times across two days. Zero ripe candidates. One borderline case (Archestra #4461, 2.2 days stale) is the only ripening candidate.
The strategy might work with 2–4 weeks of patience. Or it won't, and the market is broken even for harvesters.
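The two-pass triage described above, sketched as an added example (this is not the author's scout.py). The record fields, the $25 to $1,000 range, the WARM label for claimed-but-not-yet-quiet issues, and reading "claimed" as an /attempt comment or an assignee are assumptions; the sample issues are constructed.

```python
from datetime import datetime, timedelta, timezone

RIPE_QUIET_DAYS = 14            # threshold stated in the article
MIN_USD, MAX_USD = 25, 1000     # assumed range; the article does not give one

def keep(issue):
    """Pass 1: drop rewarded, reserved and out-of-range (e.g. $1 junk) issues."""
    labels = [name.lower() for name in issue["labels"]]
    if any("rewarded" in n or "reserved" in n for n in labels):
        return False
    return MIN_USD <= issue["usd"] <= MAX_USD

def classify(issue, now):
    """Pass 2: RIPE = claimed, no open PR, quiet for 14+ days."""
    claimed = issue["attempts"] > 0 or bool(issue["assignees"])  # assumed meaning
    if not claimed or issue["open_prs"] > 0:
        return "SKIP"
    quiet_days = (now - issue["last_comment"]) / timedelta(days=1)
    return "RIPE" if quiet_days >= RIPE_QUIET_DAYS else "WARM"

def scan(issues, previous_ripe, now):
    """Return (all ripe ids, ids newly ripe since the previous scan)."""
    ripe = sorted(i["id"] for i in issues if keep(i) and classify(i, now) == "RIPE")
    return ripe, [r for r in ripe if r not in previous_ripe]

# Constructed sample records, not real scan output.
NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)

def make_issue(id_, usd, labels, attempts, assignees, open_prs, quiet_days):
    return {"id": id_, "usd": usd, "labels": labels, "attempts": attempts,
            "assignees": assignees, "open_prs": open_prs,
            "last_comment": NOW - timedelta(days=quiet_days)}

SAMPLE = [
    make_issue("example/sandbox#1", 1, ["💎 Bounty"], 0, [], 0, 0.1),       # $1 junk
    make_issue("example/hiring#2", 100, ["Reserved for SE interview"], 3, [], 2, 1),
    make_issue("example/busy#3", 170, ["💎 Bounty"], 158, [], 10, 0.5),    # saturated
    make_issue("example/locked#4", 50, ["💎 Bounty"], 2, ["hunter"], 0, 2.2),  # WARM
    make_issue("example/stale#5", 75, ["💎 Bounty"], 4, ["hunter"], 0, 20),    # RIPE
    make_issue("example/old#6", 200, ["💎 Bounty"], 1, [], 0, 30),  # RIPE, seen before
]

if __name__ == "__main__":
    ripe, new = scan(SAMPLE, previous_ripe={"example/old#6"}, now=NOW)
    for r in ripe:
        print(("🆕 NEW " if r in new else "") + "RIPE", r)
```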
Things the author underestimated
- Public bounty market is fully agent-saturated. Even $50 issues on niche repos attract 20+ attempts in a day. Bots watch the issue feed and pile in before you finish reading the title.
- Reservation labels and hiring-candidate gates are everywhere. Archestra treats bounties as a hiring channel. If you're not in their pipeline, you're poaching. At least one org will ban accounts for it.
- Maintainer review is the bottleneck, not solution quality. A perfect PR submitted ninth loses to a mediocre PR submitted first.
- "$16.88 in 22 hours" implies 20+ jobs in parallel. Single-thread, $20-budget, public-platform replication is the wrong unit economics. The original author ran a fleet, not a script.
- Economics still unprofitable per attempt. Even the original run cost ~$16 in tokens to earn $16.88 in a single optimistic case. The "$506 run-rate" extrapolates 30 parallel agents on a flat-rate subscription, not sustained pay-per-token.
What the author would do differently
- Skip Algora's public board. Look at private programs on HackerOne, Bugcrowd, or domain-specific platforms where solution quality matters more than submission speed.
- Pick one repo and become a contributor first. Trust is the only honest play on public OSS.
- Don't compete with agent farms head-on. Build for them: tooling like scout.py, dashboards, monitors. Sell to people running fleets.
How to use scout.py
Single-file Python script, MIT licensed. Requires gh CLI, Python 3.9+. Run:
python3 scout.py
Output: top-eight "warm" list plus any ripe candidates. State persists in state/scout.json — subsequent runs tag new arrivals.
Bottom line
$20 token spend, 48 hours, $0 earned. The public bounty market is agent-saturated, maintainer-gated, and economically unprofitable for single-thread attempts. The author's tool might surface abandoned bounties with patience, but the honest play is either private platforms or building trust first.




