ClawHub

Binance API

Operate Binance Spot APIs through safe REST, WebSocket, and SDK workflows with signed requests, rate-limit control, and testnet-first execution.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 561 · 7 current installs · 7 all-time installs
byIván@ivangdavila
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the declared requirements: curl/openssl/jq and BINANCE_API_KEY/ BINANCE_API_SECRET are appropriate for signing and calling Binance Spot endpoints. Declared endpoints and SDK guidance align with the stated purpose.
Instruction Scope
SKILL.md is instruction-only and stays within Binance operations (REST/WS/signing/rate limits). It instructs creating and writing operational files under ~/binance (memory.md, runbooks.md, incidents.md, snapshots) which is reasonable for runbook/history storage. Minor mismatch: several optional environment variables referenced in docs (BINANCE_BASE_URL, BINANCE_WS_BASE, BINANCE_TESTNET) are not listed in the declared requires.env—these are optional, but the agent may read them if present.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. It does shell-based signing examples using openssl/curl/jq which are declared required binaries.
Credentials
Only BINANCE_API_KEY and BINANCE_API_SECRET are required, which are proportional to the trading/troubleshooting purpose. No unrelated credentials or broad-scoped secrets are requested.
Persistence & Privilege
The skill writes and maintains local state under ~/binance and recommends file permissions (chmod 700/600). It does not request always:true, does not modify other skills, and requires explicit confirmation before production orders per the docs. User should be aware of what is stored locally and that the agent will write those files.
Assessment
This skill appears coherent for interacting with Binance. Before installing: 1) Use testnet keys first and keep production keys disabled until you confirm flows. 2) Provide API credentials with minimal privileges (e.g., restrict IPs, limit permissions) and rotate keys regularly. 3) Ensure BINANCE_API_SECRET is never stored in repository files or in the local runbook files; verify ~/binance contents to confirm only metadata/runbooks are saved. 4) Note the docs reference optional env vars (BINANCE_BASE_URL, BINANCE_WS_BASE, BINANCE_TESTNET) that the agent may read if set — review your environment before use. 5) Confirm the agent prompts for explicit approval before placing any production orders (the SKILL.md says it will, but enforce that policy if your platform allows). If you want higher assurance, request the skill author to declare the optional env vars explicitly in metadata and to provide an auditable confirmation step for any production trade.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk978d91xhg6afxdkm9adweryb5826br7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
OSLinux · macOS · Windows
Binscurl, openssl, jq
EnvBINANCE_API_KEY, BINANCE_API_SECRET

SKILL.md

Binance Spot API Operations

Setup

On first use, read setup.md for integration preferences and safe environment defaults.

When to Use

User needs to read Binance market data, place or manage Spot orders, or troubleshoot signed API calls from terminal workflows. Agent handles request signing, filter validation, rate-limit safety, and WebSocket reconciliation.

Architecture

Memory lives in ~/binance/. See memory-template.md for structure.

~/binance/
├── memory.md            # API mode, symbols, and execution preferences
├── runbooks.md          # Repeatable workflows that worked in production
├── incidents.md         # Failures, response codes, and fixes
└── snapshots/           # Symbol filters and pre-trade validation captures

Quick Reference

TopicFile
Setup behaviorsetup.md
Memory templatememory-template.md
Fast start commandsquickstart.md
Auth and signaturesauth-signing.md
Market data patternsmarket-data.md
Streams and WS APIwebsocket.md
SDK and CLI optionssdk-cli.md
Limits and error handlingerrors-limits.md
Spot testnet operationstestnet.md
Incident recoverytroubleshooting.md

Requirements

  • curl
  • openssl
  • jq
  • BINANCE_API_KEY and BINANCE_API_SECRET for signed Spot requests
  • Optional: BINANCE_BASE_URL, BINANCE_WS_BASE, and BINANCE_TESTNET=1

Never commit API keys or secrets to repository files.

Data Storage

  • ~/binance/memory.md for preferences and environment mode
  • ~/binance/runbooks.md for proven workflows
  • ~/binance/incidents.md for outage and error history
  • ~/binance/snapshots/ for exchangeInfo and filter captures

Core Rules

1. Start in Spot Testnet by Default

  • Use production only after explicit confirmation in the current conversation.
  • Run the same flow in testnet first for every new order or account workflow.

2. Enforce Timestamp and Signature Correctness

  • Sync server time before signed calls and keep recvWindow realistic.
  • Sort params before signing and include every signed field in the canonical string.

3. Validate Symbol Filters Before Creating Orders

  • Read symbol filters from exchangeInfo and enforce PRICE_FILTER, LOT_SIZE, and MIN_NOTIONAL.
  • Reject order payloads locally before sending requests that will fail.

4. Use Test Order Before Real Order

  • For every new payload shape, call POST /api/v3/order/test first.
  • Promote to POST /api/v3/order only when payload and filters are confirmed.

5. Reconcile Every Order Through User Events

  • Treat placement response as provisional when network quality is poor.
  • Confirm final state through executionReport events and REST queries.

6. Respect Rate Limits and Back Off Fast

  • Parse rateLimits in responses and throttle proactively.
  • On 429 or 418, pause, back off exponentially, and avoid hammering retries.

7. Keep Scope Tight and Transparent

  • Use only declared Binance endpoints and symbols requested by the user.
  • Never modify this skill or unrelated local files.

Binance Traps

  • Using local clock drifted by seconds causes -1021 and fake auth failures.
  • Reusing old signatures after changing params causes -1022.
  • Sending quantity not aligned to stepSize fails despite valid account balance.
  • Assuming order status from placement response misses partial fills and cancels.
  • Opening long-lived market data sockets past 24h leads to silent disconnect behavior.
  • Ignoring 429 weight responses can trigger temporary automated bans.

External Endpoints

Only official Binance API surfaces below are used by this skill.

EndpointData SentPurpose
https://api.binance.com and https://api-gcp.binance.comSigned trade/account params, market query paramsSpot REST production
https://api1.binance.com to https://api4.binance.comSame as Spot RESTAlternative production REST hosts
https://data-api.binance.visionPublic market data params onlySpot public market data
wss://stream.binance.com:9443 and wss://stream.binance.com:443Stream subscribe payloads and listenKey stream dataSpot market/user streams
wss://data-stream.binance.visionMarket stream subscriptions onlyPublic market streams
wss://ws-api.binance.com:443/ws-api/v3WS API signed and unsigned request payloadsSpot WebSocket API
https://testnet.binance.vision, wss://stream.testnet.binance.vision, wss://ws-api.testnet.binance.vision/ws-api/v3Test order/account payloadsSpot testnet validation

No other data is sent externally.

Security & Privacy

Data that leaves your machine:

  • API key identifier and signed params for account and trading endpoints
  • Requested symbols, intervals, and market stream subscriptions

Data that stays local:

  • Operational memory and incident logs in ~/binance/
  • Local helper scripts and runbooks created during sessions

This skill does NOT:

  • Send data to undeclared services
  • Place production orders without explicit confirmation
  • Store API secrets in repository files
  • Modify this skill definition file

Trust

By using this skill, request data is sent to Binance infrastructure. Only install if you trust Binance with your operational trading metadata.

Related Skills

Install with clawhub install <slug> if user confirms:

  • api - Build and debug robust HTTP API request workflows
  • auth - Handle API auth models, signatures, and credential safety
  • bash - Automate shell workflows with safer command composition
  • bitcoin - Add BTC domain context when analyzing crypto execution

Feedback

  • If useful: clawhub star binance
  • Stay updated: clawhub sync

Files

11 total
Select a file
Select a file to preview.

Comments

Loading comments…