BotSee
v0.2.5Monitor your brand's AI visibility via BotSee API
⭐ 0· 717·0 current·0 all-time
byCharlie Graham@grahac
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, the included Python CLI, and the declared commands all align: the skill talks to botsee.io endpoints, performs signup, analysis, content generation, and manages local config. No unrelated cloud credentials, system services, or binaries are requested. The plugin.json points to https://botsee.io, which matches the code's BASE_URL default.
Instruction Scope
SKILL.md directs the agent to run the bundled Python script under ~/.claude/skills/botsee/scripts/botsee.py to call the BotSee API and to present setup URLs to the user. The instructions also ask the user to paste API keys or ensure payment steps complete; the script will persist API keys and workspace config locally. This is expected for an API client, but users should be aware that secrets (API keys) are saved to ~/.botsee/config.json and workspace config is saved to .context/botsee-config.json.
Install Mechanism
There is no install spec (instruction-only / bundled script) — the skill runs the included Python script. No downloads from external or untrusted URLs or package managers are performed by the skill itself. This is the lower-risk pattern.
Credentials
The skill declares no required environment variables and only optionally respects BOTSEE_BASE_URL for testing. It does create and read local config files under the user's home (~/.botsee) and workspace (.context). It does not request unrelated credentials or broad environment access. Payment flows require user-provided wallet addresses/tx hashes, which is appropriate for a USDC-based payment flow.
Persistence & Privilege
The script persists user API key and pending signup metadata to ~/.botsee and workspace settings to .context; file permissions are explicitly tightened (umask 0o077, chmod 0o700/0o600). always:false and normal autonomous invocation are used. Persistence is expected for this type of client, but users should understand the skill will store their API key locally.
Assessment
This skill appears coherent for interacting with the BotSee API: it runs the included Python CLI, stores an API key and workspace config locally (~/.botsee/config.json and .context/botsee-config.json), and supports credit-card and USDC (Base) payment flows. Before installing: 1) Confirm you trust the publisher or marketplace entry for this skill (source was listed as unknown here) and that the homepage (plugin.json mentions https://botsee.io) is legitimate. 2) Understand the skill will save your BotSee API key to your home directory; if you expose a key in chat, the skill/code will persist it locally — check and remove it if you change your mind. 3) For USDC payments, verify any pay-to address and payment challenge responses out-of-band (on the official site) before sending funds. 4) If you need stricter secrecy, consider using a dedicated API key with limited privileges and review or sandbox the skill before granting it access to sensitive accounts. Overall, nothing in the package appears disproportionate or unrelated to its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk97efj8zxmyp1qc01egvw4fsxs81tv85
License
MIT-0
Free to use, modify, and redistribute. No attribution required.