Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SeeSaw Claw

v1.0.0

Integrates SeeSaw prediction market APIs into OpenClaw, enabling market listing, balance checking, and position management via CLI.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
The skill claims to integrate SeeSaw market APIs (listing, balances, trading) and the code implements that. However the registry header in the submission says "Required env vars: none" while the SKILL.md and scripts require SEESAW_BASE_URL, SEESAW_API_KEY, and SEESAW_API_SECRET. Additionally several automation scripts require other credentials (OPENAI_API_KEY, SLACK_BOT_TOKEN/SLACK_CHANNEL_ID, BRAVE_API_KEY) to run automated workflows — those sensitive env vars are not reflected in the registry metadata. That mismatch between declared requirements and what the code actually uses is an incoherence to be aware of.
!
Instruction Scope
SKILL.md instructs copying files into ~/.openclaw/workspace/skills and editing ~/.openclaw/openclaw.json to store API keys; it also recommends pip installing requirements. The automated scripts instruct the agent to perform web searches, call an LLM, post to Slack, create markets, assert results, and buy/sell shares. Those behaviors go beyond passive read-only listing and include actions that change remote state (trades, assertions, comments). The SKILL.md does mention the extra prerequisites in places, but the runtime scripts directly access env vars and perform network calls and trading operations — giving this skill API keys enables it to perform financial actions automatically.
Install Mechanism
No external download or archive extraction; the skill is instruction- and file-based with a small requirements.txt (requests). SKILL.md suggests using ClawHub or copying the skills folder and pip installing requests. No high-risk install URLs or obscure installers were observed.
!
Credentials
For core SeeSaw functionality, SEESAW_BASE_URL, SEESAW_API_KEY, and SEESAW_API_SECRET are appropriate. However the automation features require additional unrelated sensitive credentials (OPENAI_API_KEY, SLACK_BOT_TOKEN, SLACK_CHANNEL_ID, BRAVE_API_KEY). Those are not present in the top-level registry metadata in the submission and are only mentioned inside SKILL.md — this is a disproportionate expansion of required secrets and increases the blast radius if you supply them. The scripts also persist a token to /tmp/seesaw_token.json and write some local files (created_topics.json, /tmp/new_market.txt).
Persistence & Privilege
The skill does not request always: true and does not modify other skills' configs. It writes a token cache to /tmp and stores created topics and a new_market.txt file; these are limited to the skill's workspace and /tmp. However the skill can perform autonomous operations (normal default) that create markets, place trades, assert results, and post to Slack if supplied credentials — that capability should be considered a privilege before enabling automation.
What to consider before installing
Before installing or enabling automation, review these points:

- Metadata mismatch: The registry summary here claimed no required env vars, but the SKILL.md and code require SEESAW_BASE_URL, SEESAW_API_KEY, and SEESAW_API_SECRET. In addition, automation scripts need OPENAI_API_KEY, SLACK_BOT_TOKEN (and channel ID), and BRAVE_API_KEY. Ask the publisher to correct registry metadata so required secrets are explicit.
- Sensitive actions: The scripts can automatically create markets, assert resolutions, claim rewards, and buy/sell positions using your SeeSaw credentials. If you supply SEESAW API keys you are giving the skill permission to perform financial operations. Only provide those keys if you fully trust the code and the publisher.
- Optional automation: If you only want read-only capabilities (list markets, check balances), run the CLI scripts manually and avoid providing the extra automation keys (OPENAI/Slack/Brave). Use the config dry_run=true to simulate actions while evaluating behavior.
- Inspect utils.py and networking: The skill calls helper functions (search_web, call_llm, send_slack_message, search_image). Review utils.py to confirm those helpers do not exfiltrate credentials or post data to unexpected endpoints. Ensure SLACK and LLM interactions are to endpoints you expect.
- Limit exposure:
  1) Run first in an isolated account with minimal funds or sandbox API keys.
  2) Do not enable autonomous invocation if you don't want the agent to trade or create markets automatically.
  3) Consider running on a machine/account where you can control /tmp and the skill workspace and review any files it writes.
- Trust and provenance: The skill's source is listed as "unknown" and there is no homepage in the registry metadata. Confirm the publisher identity and, if possible, prefer installing from a verified repository (or clone and manually audit the code) before adding your credentials.
If you want, I can: 1) summarize which exact files reference each sensitive env var, 2) highlight the lines where remote write operations (trade/claim/assert/create_market) occur, or 3) inspect utils.py for network/callback behavior — tell me which you'd like to see.

Like a lobster shell, security has layers — review code before you run it.
