Query NFT and token data, trade NFTs on Seaport, swap ERC20 tokens via DEX aggregator, configure wallet signing providers, and build/register/gate AI agent tools on Base. Covers the full OpenSea developer surface across CLI, MCP server, shell scripts, and SDK. Pick the right sub-skill using the routing table below, then read that sub-skill's SKILL.md for operational detail.
80
—
Does it follow best practices?
Impact: 98% (1.08x), average score across 3 eval scenarios
Advisory: Suggest reviewing before use
Security
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.75). The router skill itself is a static dispatcher, but at runtime it hands off to sub-skills that call OpenSea APIs and ingest untrusted JSON fields (e.g., NFT/collection descriptions) into the agent context; these fields are outsider-authored user-generated content and can contain prompt-injection text (e.g., `opensea-api`/`opensea-marketplace` “Untrusted API data” boundaries around API responses).
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Potentially malicious external URL detected (high risk: 0.90). The opensea-tool-sdk explicitly fetches external tool manifests and calls arbitrary tool endpoints at runtime (e.g., the register / call flows fetch URLs like https://my-tool.example.com/.well-known/ai-tool/my-tool.json and invoke endpoints such as https://my-tool.vercel.app/api), and those fetched manifests/endpoints are required at runtime and can control agent behavior or execute server-side logic/payment flows.
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Direct money access detected (high risk: 1.00). The router explicitly references sub-skills that perform crypto financial actions: "Buy/sell NFTs on Seaport, sweeps, cross-chain" (opensea-marketplace), "Swap ERC20 tokens via DEX aggregator" (opensea-swaps), and "Configure wallet signing (Privy/Turnkey/Fireblocks/Bankr)" (opensea-wallet). These are specific, purpose-built capabilities for executing transactions, signing wallet operations, and moving value on-chain — not generic tooling. Therefore the skill grants direct financial execution authority.
142f269