Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenSea Skill

v2.1.1

Query OpenSea NFT marketplace data via official MCP server. Get floor prices, collection stats, NFT metadata, marketplace listings and offers. Execute Seapor...

by Devin Finzer (@dfinzer)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals: Crypto · Requires wallet · Can make purchases · Can sign transactions · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name, README, SKILL.md, scripts, and reference docs all align with an OpenSea client that queries marketplace data and executes Seaport swaps/fulfillments. The requested capabilities (API key plus wallet signing via Privy/Turnkey/Fireblocks/private key) are coherent with the stated purpose. However, the registry metadata presented with the skill claims 'Required env vars: none' and 'Source: unknown', which conflicts with the SKILL.md and README, both of which clearly require OPENSEA_API_KEY and (optionally) wallet provider credentials.
Instruction Scope
Runtime instructions explicitly direct network calls to api.opensea.io and mcp.opensea.io, explain creating/using an OPENSEA_API_KEY, and include flows that return calldata which the user must sign/send. Scripts and examples include both read-only queries and write/fulfillment flows that build transactions and rely on external wallet providers for signing. The instructions do not ask the agent to read unrelated local files or exfiltrate arbitrary system data, but they do guide the agent to obtain and use high-privilege secrets (wallet credentials or a private key) for on-chain actions.
Install Mechanism
No install spec is included; the repo is instruction-first and contains shell scripts and TypeScript source. The README recommends installing the official CLI package (@opensea/cli) via npm, which is a standard package install. There are no remote arbitrary downloads or obscure installers in the displayed manifest. Still, the skill contains executable scripts that will perform network operations if run.
Credentials
SKILL.md declares OPENSEA_API_KEY as required and PRIVY_* variables as optional; the code and references also document many other provider env vars (TURNKEY_*, FIREBLOCKS_*, PRIVATE_KEY, RPC_URL, etc.). The registry metadata shown with the skill lists no required env vars — a clear mismatch. The skill legitimately needs at least an OpenSea API key and (for write/fulfillment) wallet-provider credentials, but the omission in metadata and broad list of potential secrets increases risk. Requiring or encouraging a raw PRIVATE_KEY (even for dev) is especially sensitive.
Persistence & Privilege
The skill does not request always:true, does not claim to modify other skills, and has no install-time mechanism that embeds itself persistently in the agent beyond normal skill files. Autonomous invocation is allowed (platform default) but is not combined with elevated persistence flags.
What to consider before installing
This package appears to be a full OpenSea client (reads marketplace data and can build transactions to buy/sell/swap NFTs). Before installing or supplying secrets:
1) Verify the skill's origin — the registry shows 'Source: unknown' and no homepage; prefer code from an official OpenSea GitHub/org or other known source.
2) Expect to supply OPENSEA_API_KEY for all API calls; the registry metadata failing to list this is an inconsistency to confirm with the publisher.
3) Never paste a raw private key into a shared agent environment; prefer managed providers (Privy, Turnkey, Fireblocks) and enforce conservative signing policies (value caps, allowlists) before enabling transaction signing.
4) Inspect the included scripts (scripts/*.sh and TypeScript examples) locally to confirm they only call api.opensea.io / mcp.opensea.io and do not exfiltrate other data.
5) If you need only read-only data, avoid configuring wallet credentials or private-key adapters.
6) If you plan to allow autonomous agent execution of trading flows, restrict the wallet with tight policies and limit transaction value.
If you want higher confidence, ask the publisher/source for canonical provenance (an official OpenSea repo link or signed release) and updated registry metadata that correctly lists the required environment variables.


latest: vk978p6m965vjfr4m0n510j9ynh84x2ad
