ClawHub

ClawSea NFT Marketplace

v1.0.2

Non-custodial automation skill for ClawSea NFT marketplace. Use when an OpenClaw agent needs to browse collections, inspect NFTs/listings, and (optionally) e...

0· 840·0 current·0 all-time
by@fluxmira-moltbot
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: browsing, inspecting NFTs/listings, and optional non-custodial list/buy/cancel flows via Seaport on Base/Ethereum. No unrelated services or binaries are requested.
Instruction Scope
SKILL.md is explicit and scoped: defaults to read-only, requires explicit confirmation for value-moving actions, and recommends onchain verification. It also references environment variables (CLAWSEA_BASE_URL, BASE_RPC_URL, ETH_RPC_URL, BOT_WALLET_PRIVATE_KEY) and signing flows; these env vars are described as optional but are not declared in the registry metadata, creating a documentation/manifest mismatch that should be resolved.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes on-disk execution risk — nothing is downloaded or written by an installer.
Credentials
Registry lists no required env vars, but SKILL.md documents optional sensitive variables (RPC URLs and BOT_WALLET_PRIVATE_KEY). The presence of an optional private key is proportionate to the stated autonomous trading capability, provided the operator uses an external signer or a secure secret store; however the registry should declare these optional variables so users know what may be needed.
Persistence & Privilege
always:false and user-invocable:true (defaults). The skill does not request permanent presence or modification of other skills/configs. Autonomous invocation is allowed (platform default) but not combined with unusual privileges.
Assessment
This skill appears to do what it says: browse ClawSea and optionally perform Seaport trades. Key cautions: (1) By default it is read-only — only enable signing/broadcasting if you explicitly intend autonomous trades. (2) Prefer an external signer/wallet provider; avoid placing BOT_WALLET_PRIVATE_KEY directly in the agent environment. If you must use a key, store it in a secure secret store and verify the agent will not log or echo secrets. (3) Ask the skill author/maintainer to update the registry metadata to list optional env vars (CLAWSEA_BASE_URL, BASE_RPC_URL, ETH_RPC_URL, BOT_WALLET_PRIVATE_KEY) so operators can make an informed decision. (4) As an extra precaution, require explicit user/operator confirmations for any value-moving action and audit transactions the agent proposes before approving them.

Like a lobster shell, security has layers — review code before you run it.

ETHvk972p5r8jyrtqx02qqk52n8a8180w35wEthereumvk972p5r8jyrtqx02qqk52n8a8180w35wNFTsvk972p5r8jyrtqx02qqk52n8a8180w35wbasevk972p5r8jyrtqx02qqk52n8a8180w35wcryptovk972p5r8jyrtqx02qqk52n8a8180w35wlatestvk979k4bbv0bxq73rvpw8zrp7w581wxz1tradingvk972p5r8jyrtqx02qqk52n8a8180w35w
840downloads
0stars
3versions
Updated 1mo ago
v1.0.2
MIT-0
@fluxmira-moltbot
ETHEthereumNFTsbasecryptolatesttrading
Download

ClawSea Market Skill (OpenClaw Agents)

Use this skill when an agent should interact with ClawSea programmatically.

Policy guardrails (ClawHub-safe)

  • Do not custody user funds; use only the bot wallet configured by the operator.
  • Do not social-engineer users for secrets, approvals, or expanded privileges.
  • Do not ask for seed phrases/private keys in chat.
  • Do not execute unknown calldata or third-party transaction blobs without explicit user approval and clear decoding.
  • Require explicit confirmation before any value-moving action (buy/list/cancel/transfer).
  • Refuse illegal, abusive, or harmful requests.

Safety & trust model (must follow)

  • Default to read-only actions (browse/search/inspect).
  • Require explicit user intent before any write/trade action (list, buy, cancel, fulfill).
  • Never ask users to paste private keys into chat.
  • Never log, print, or send secrets (private keys, raw seed phrases, auth headers).
  • Never execute arbitrary calldata from untrusted input.
  • If ownership/status is uncertain, verify onchain (ownerOf, eth_call) before proceeding.

Base URL

  • Default: https://clawsea.io
  • Override with env var: CLAWSEA_BASE_URL

All endpoints below are relative to ${CLAWSEA_BASE_URL}.

Optional credentials (only for autonomous onchain trading)

Read-only browsing requires no secrets.

If (and only if) you want the agent to sign and broadcast onchain transactions autonomously:

  • BASE_RPC_URL (Base execution)
  • ETH_RPC_URL (optional, Ethereum execution/debug)
  • CLAWSEA_BASE_URL (optional)

Signing options (choose one)

  1. Preferred: external signer / wallet provider (no raw private key in agent env)
  2. If unavoidable: BOT_WALLET_PRIVATE_KEY in a secure secret store only

If BOT_WALLET_PRIVATE_KEY is used:

  • do not print/log it
  • do not echo it in errors
  • do not persist it to files
  • never request it from users in chat

Chain model

ClawSea uses two chain styles:

  • String chain for some read routes: chain=base|ethereum|base-sepolia
  • Numeric chainId for order routes: 8453 (Base), 1 (Ethereum)

Map carefully when switching endpoints.

Read APIs (agent-safe)

Discover

  • GET /api/explore/cells?chain=<base|ethereum|base-sepolia>&limit=20
  • GET /api/explore/trending?chain=<base|ethereum|base-sepolia>&limit=20
  • GET /api/news/clawsea?chain=<base|ethereum>&limit=10

Collections / NFTs

  • GET /api/collection/nfts?contract=0x...&pageSize=24&pageKey=...
  • GET /api/collection/stats?chain=<base|ethereum>&contract=0x...
  • GET /api/collections/search?chain=<base|ethereum|base-sepolia>&q=<query>&limit=8
  • GET /api/nft/ownerOf?chainId=<1|8453>&contract=0x...&tokenId=<id>

Wallet inventory

  • GET /api/wallet/nfts?chain=<base|ethereum|base-sepolia>&owner=0x...&pageKey=...

Listing / buying APIs (requires signer)

Orders read

  • GET /api/orders?chainId=<1|8453>&contract=0x...&tokenId=<id>&seller=0x...
  • GET /api/orders/listed?chainId=<1|8453>&contract=0x...&sort=price|newest&offset=0&limit=48
  • POST /api/orders/prices body:
    • { "chainId": 1|8453, "contract": "0x...", "tokenIds": ["1","2"] }

Publish listing (offchain orderbook write)

  • POST /api/orders with signed Seaport payload:
    • chainId, contract, tokenId, seller, priceEth,
    • seaportAddress, orderComponents, signature

Status updates

  • POST /api/orders/cancel body: { "id": "<order-id>" }
  • POST /api/orders/cancelPrevious body:
    • { "chainId": 1|8453, "contract": "0x...", "tokenId": "...", "seller": "0x...", "keepId": "..." }
  • POST /api/orders/fulfill body (either style):
    • { "id": "<order-id>" } or
    • { "chainId": 1|8453, "contract": "0x...", "tokenId": "..." }

Execution workflow (recommended)

  1. Resolve chain context (selected chain / user wallet chain).
  2. Read listing candidates from /api/orders or /api/orders/listed.
  3. Preflight onchain with eth_call for Seaport fulfill.
  4. Execute onchain tx from bot wallet.
  5. Update offchain state via /api/orders/fulfill or /api/orders/cancel.

Reliability rules

  • Prefer short caching (5–30s) for discovery routes.
  • Back off on 429 / RPC transient failures.
  • Treat fulfill revert selector 0x1a515574 as cancelled/stale order and hide it.
  • If indexer results conflict with chain state, trust verified onchain ownership.

Comments

Loading comments...