CtrlK
BlogDocsLog inGet started
Tessl Logo

opensea

Query NFT and token data, trade NFTs on Seaport, swap ERC20 tokens via DEX aggregator, configure wallet signing providers, and build/register/gate AI agent tools on Base. Covers the full OpenSea developer surface across CLI, MCP server, shell scripts, and SDK. Pick the right sub-skill using the routing table below, then read that sub-skill's SKILL.md for operational detail.

80

1.08x
Quality

Does it follow best practices?

Impact

98%

1.08x

Average score across 3 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Security

3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.

Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (high risk: 0.75). The router skill itself is a static dispatcher, but at runtime it hands off to sub-skills that call OpenSea APIs and ingest untrusted JSON fields (e.g., NFT/collection descriptions) into the agent context; these fields are outsider-authored user-generated content and can contain prompt-injection text (e.g., `opensea-api`/`opensea-marketplace` “Untrusted API data” boundaries around API responses).

Report incorrect finding
Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 0.90). The opensea-tool-sdk explicitly fetches external tool manifests and calls arbitrary tool endpoints at runtime (e.g., the register / call flows fetch URLs like https://my-tool.example.com/.well-known/ai-tool/my-tool.json and invoke endpoints such as https://my-tool.vercel.app/api), and those fetched manifests/endpoints are required at runtime and can control agent behavior or execute server-side logic/payment flows.

Medium

W009: Direct money access capability detected (payment gateways, crypto, banking)

What this means

The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.

Why it was flagged

Direct money access detected (high risk: 1.00). The router explicitly references sub-skills that perform crypto financial actions: "Buy/sell NFTs on Seaport, sweeps, cross-chain" (opensea-marketplace), "Swap ERC20 tokens via DEX aggregator" (opensea-swaps), and "Configure wallet signing (Privy/Turnkey/Fireblocks/Bankr)" (opensea-wallet). These are specific, purpose-built capabilities for executing transactions, signing wallet operations, and moving value on-chain — not generic tooling. Therefore the skill grants direct financial execution authority.

Repository
ProjectOpenSea/opensea-skill
Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.