Trust Assessment
opensea received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 2 critical, 3 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Command Injection via unsanitized shell arguments in opensea-get.sh, Command Injection via unsanitized shell arguments in opensea-post.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized shell arguments in opensea-get.sh The `opensea-get.sh` script constructs a URL by directly concatenating user-provided arguments (`$path` and `$query`) without proper sanitization or quoting before passing it to `curl`. An attacker can inject shell metacharacters (e.g., `$(command)`, `|`, `;`, `&`) into these arguments, leading to arbitrary command execution on the host system. All other scripts that call `opensea-get.sh` (e.g., `opensea-collection.sh`, `opensea-nft.sh`, etc.) inherit this vulnerability. Sanitize or properly quote all user-provided arguments before using them in shell commands. For `curl`, consider using `--data-urlencode` for query parameters and ensuring the base path is validated. For paths, ensure they are URL-encoded and then passed as a single argument to `curl` with proper quoting. A safer approach might involve using a dedicated HTTP client library in a language like Python or Node.js that handles URL construction and argument sanitization more robustly. | LLM | scripts/opensea-get.sh:20 | |
| CRITICAL | Command Injection via unsanitized shell arguments in opensea-post.sh The `opensea-post.sh` script constructs a URL and a JSON body by directly concatenating user-provided arguments (`$path` and `$body`) without proper sanitization or quoting before passing them to `curl`. An attacker can inject shell metacharacters (e.g., `$(command)`, `|`, `;`, `&`) into these arguments, leading to arbitrary command execution on the host system. Scripts like `opensea-fulfill-listing.sh` and `opensea-fulfill-offer.sh` that call `opensea-post.sh` are also vulnerable. Sanitize or properly quote all user-provided arguments before using them in shell commands. For `curl`, ensure the URL is properly encoded and the JSON body is passed securely, potentially by writing it to a temporary file and using `-d @filename` or by ensuring the `$body` variable is strictly JSON and properly quoted for the shell. A safer approach might involve using a dedicated HTTP client library in a language like Python or Node.js that handles URL construction and argument sanitization more robustly. | LLM | scripts/opensea-post.sh:20 | |
| HIGH | Private Key Exposure via Command-Line Argument The `opensea-swap.sh` script passes the user's `PRIVATE_KEY` directly as a command-line argument to a `node -e` script. This exposes the private key in the process list (`ps aux`) and potentially in shell history, making it vulnerable to exfiltration by other processes or users on the same system. Private keys should never be passed as command-line arguments. Avoid passing sensitive credentials like private keys as command-line arguments. Instead, use secure methods such as environment variables (if the environment is trusted and isolated), secure input prompts, or reading from a securely managed file with restricted permissions. For Node.js, consider using a library that can prompt for the key or read it from a secure store. | LLM | scripts/opensea-swap.sh:30 | |
| HIGH | Command Injection via `eval` in Node.js script The `opensea-swap.sh` script uses `eval('(' + raw + ')')` within its embedded Node.js code to parse the output from `mcporter`. If an attacker can manipulate the output of `mcporter` (e.g., through a malicious OpenSea API response or a compromised `mcporter` tool), they could inject arbitrary JavaScript code, leading to remote code execution within the Node.js environment. Replace the use of `eval` with a safe JSON parsing method, such as `JSON.parse()`. Ensure that the `mcporter` output is always valid JSON. If `mcporter` output is not strictly JSON, implement robust parsing logic that does not rely on `eval`. | LLM | scripts/opensea-swap.sh:40 | |
| HIGH | Command Injection via unsanitized arguments to `mcporter` The `opensea-swap.sh` script constructs the `--args` string for `mcporter call` by directly interpolating user-provided variables (`$FROM_TOKEN`, `$CHAIN`, `$TO_TOKEN`, `$AMOUNT`, `$WALLET`). If any of these variables contain shell metacharacters, an attacker could inject arbitrary commands that would be executed by the shell before `mcporter` is invoked. Properly quote and sanitize all user-provided variables before interpolating them into the `mcporter` command string. For JSON arguments, ensure they are correctly escaped for the shell or passed via a temporary file to avoid shell injection. | LLM | scripts/opensea-swap.sh:20 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/dfinzer/opensea/SKILL.md:1 | |
| MEDIUM | API Key Exposure in WebSocket URL The `opensea-stream-collection.sh` script embeds the `OPENSEA_API_KEY` directly into the WebSocket URL. This exposes the API key in process listings (`ps aux`) and potentially in network traffic (though WSS mitigates network sniffing, the key is still part of the URL). While common for WebSocket authentication, it's a less secure practice than using a header or a short-lived token. If possible, use a WebSocket authentication method that does not embed the API key directly in the URL, such as passing it in a header after the connection is established, or using a short-lived, single-use token obtained from a separate, authenticated endpoint. If direct URL embedding is unavoidable, ensure the environment where the script runs is highly secured and isolated. | LLM | scripts/opensea-stream-collection.sh:13 |
Scan History
Embed Code
[](https://skillshield.io/report/dd1b8bc2fe31c7af)
Powered by SkillShield