The $16.88 that wasn't

A tweet from @chatgpt21 showed an AI agent running 22 hours, finding a bounty, shipping a PR, and earning $16.88. 22M tokens spent. The thread declared "the loop works."

One developer wanted to replicate that on a $20 token budget with Claude as the agent. They picked Algora, an open-source bounty platform where maintainers attach dollar amounts to issues. 48 hours later: $0 earned, but a dataset more interesting than a win.

The setup

The plan: discover open bounties via Algora board or GitHub label search, pick a small issue in TS/Python/Go, let Claude clone the repo, attempt the fix, run tests, human review before PR. Budget hard-stop at $20. Safety rails: budget enforcement and human review.

30 minutes scaffolding. Claude driving: gh CLI, git, Edit, Bash.

First bounty: red flags

First candidate: archestra-ai/archestra#3859, $100 bounty on TypeScript. Two minutes of reading revealed:

Skipped.

That pattern held for every subsequent bounty.

The data: 80 issues, three buckets

The author built scout.py (a few hundred lines) to enumerate open Algora-labeled issues via gh search issues --label "💎 Bounty". It captures:

First real scan: 80 fresh, non-junk bounty issues. Every single one fell into three buckets:

Bucket 1: $1 sandbox spam. A repo called UnsafeLabs/Bounty-Hunters posted ~30 issues in a day, all $1. Token cost exceeds reward. Skipped.

Bucket 2: Already saturated. Every legitimate $50–$1,000 bounty had 8–158 attempts within hours, and 8–10 open PRs. Sample:

Repo$/attemptsOpen PRs
tscircuit/dsn-converter#54$17015810+
tscircuit/schematic-trace-solver#29$1005210+
tscircuit/jlcsearch#92$753810+
rohitdash08/FinMind#121$500379
rohitdash08/FinMind#132$200268
arakoodev/EdgeChains#290$502010+
archestra-ai/archestra#4468$2593

You're not waiting on demand. You're the 11th PR into a queue the maintainer has been ignoring for a week.

Bucket 3: Assigned, untouched, locked. Example: archestra-ai/archestra#4461 — $50 bounty, maintainer said "@hunter, you're assigned, go ahead." Hunter silent for days. Two competing PRs closed within 24 hours without merge for muscling in. Official assignee silent three days after.

What broke the market

Agents are fast enough to claim a bounty within minutes of posting. Maintainer's review pipeline can't absorb 10 PRs per issue. They pick one, reject the rest. Expected value of being 11th PR: ~$0.

The original $16.88 win likely came from a private security/audit platform, not the public open-source firehose. Original thread comments mention "security platform" and "preserved payment boundaries" — HackerOne/Bugcrowd territory.

The tool: scout.py

Strategy shift: wait for agents to drop. Bounty hunters claim aggressively but follow through inconsistently. An issue assigned but no PR after 14+ days of silence might be abandoned.

scout.py runs in two passes:

  1. Pull 60–80 open bounty issues; filter rewarded, reserved, junk, out-of-range dollars.
  2. For each survivor: count /attempt comments, find linked PRs (open/closed/merged), measure days since last comment.

Flags a bounty as RIPE if: claimed, no open PR, quiet for 14+ days. Diffs against previous scan, tags 🆕 NEW ripe candidates.

Scanned three times across two days. Zero ripe candidates. One borderline case (Archestra #4461, 2.2 days stale) is the only ripening candidate.

The strategy might work with 2–4 weeks of patience. Or it won't, and the market is broken even for harvesters.

Things the author underestimated

What the author would do differently

How to use scout.py

Single-file Python script, MIT licensed. Requires gh CLI, Python 3.9+. Run:

python3 scout.py

Output: top-eight "warm" list plus any ripe candidates. State persists in state/scout.json — subsequent runs tag new arrivals.

Bottom line

$20 token spend, 48 hours, $0 earned. The public bounty market is agent-saturated, maintainer-gated, and economically unprofitable for single-thread attempts. The author's tool might surface abandoned bounties with patience, but the honest play is either private platforms or building trust first.