Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kraken Exchange

v0.3.2

Interact with the Kraken cryptocurrency exchange — spot + futures, REST + WebSocket. Use when: (1) checking crypto prices or market data, (2) viewing account...

by beknar.askarov @askbeka
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Kraken spot + futures, REST + WS) match the requested binary (tentactl) and the KRAKEN_API_KEY/KRAKEN_API_SECRET environment variables. The included wrappers and docs all call tentactl and target Kraken endpoints — the requested pieces are proportionate to the stated purpose.
Instruction Scope
SKILL.md and scripts instruct the agent to run the tentactl MCP binary via scripts/kraken.sh and scripts/kraken.py, load ~/.tentactl.env for keys, and optionally use the provided setup-keys.sh to populate that file (including using the 1Password CLI). The instructions do not read unrelated system files or attempt to transmit secrets to unexpected endpoints; everything stays within Kraken/tentactl usage. Note: setup-keys.sh will enumerate and print 1Password item titles for user selection (local op CLI usage).
Install Mechanism
There is no platform-level install spec, but SKILL.md contains an 'install via cargo' recommendation (cargo install tentactl / GitHub Releases). Using cargo or GitHub releases is a reasonable install path. Because the skill delegates to an external binary, the security depends on the trustworthiness of the tentactl binary/repo; the skill itself does not fetch arbitrary archives or run downloads from untrusted URLs.
Credentials
Only KRAKEN_API_KEY and KRAKEN_API_SECRET are required for authenticated actions, which is appropriate. The scripts optionally respect KRAKEN_ENV_FILE and KRAKEN_MCP_BINARY but do not require unrelated credentials. Keys are written to ~/.tentactl.env (documented) with chmod 600 — reasonable but means the file contains long-lived credentials.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It writes and reads only its own env file (~/.tentactl.env) and does not modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with any unusual privileges here.
Assessment
This skill is internally consistent and appears to do what it claims, but you should: (1) only install or run it if you trust the tentactl binary/repo (inspect source or use official GitHub Releases), since the wrapper delegates all action to that binary; (2) prefer creating least-privilege Kraken API keys (read-only for queries, narrow trading perms only when needed) and keep them in a secure vault; (3) be aware the setup script can read from your local 1Password CLI (it lists item titles and can reveal fields) — run it only on machines you control; (4) test trading actions with validate:true and explicit user confirmation (the SKILL.md recommends this); and (5) if you need higher assurance, review tentactl's source or build the binary locally rather than installing an unsigned release.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐙 Clawdis
Bins: tentactl
Env: KRAKEN_API_KEY, KRAKEN_API_SECRET
latestvk97bd08tx6hmrzq19r6rfw508581x4cn
522 downloads
0 stars
8 versions
Updated 8h ago
v0.3.2
MIT-0

Kraken Exchange

MCP server for the Kraken cryptocurrency exchange — 114 tools covering spot, futures, REST, and WebSocket APIs. Source: github.com/askbeka/tentactl (MIT license).

How It Works

tentactl is a Rust binary that speaks MCP (Model Context Protocol) over stdio. It provides:

  • Spot REST (57 tools): Market data, account info, trading, funding, earn, subaccounts, exports
  • Futures REST (21 tools): Instruments, positions, orders, transfers, funding rates
  • Spot WebSocket v2 (19 tools): Live market data streams, real-time order management
  • Futures WebSocket (17 tools): Live futures feeds, real-time futures trading

Setup

1. Install the binary

cargo install tentactl

Or download from GitHub Releases (Linux, macOS, Windows).

2. Configure API keys (optional)

Market data tools work without any keys. For account and trading tools:

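# Create the file owner-only before writing, so the secret is never briefly readable by other users
install -m 600 /dev/null ~/.tentactl.env
echo "KRAKEN_API_KEY=your-key" >> ~/.tentactl.env
echo "KRAKEN_API_SECRET=your-secret" >> ~/.tentactl.env
chmod 600 ~/.tentactl.env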

Or use the 1Password setup script: scripts/setup-keys.sh

Key permissions: Create keys at https://www.kraken.com/u/security/api

  • Read-only: enable Query Funds and Query Open Orders & Trades
  • Trading: also enable Create & Modify Orders

Usage

# Market data (no auth)
scripts/kraken.sh get_ticker '{"pair":"XBTUSD"}'
scripts/kraken.sh get_orderbook '{"pair":"ETHUSD","count":5}'
scripts/kraken.sh futures_tickers '{}'

# Live WebSocket streams
scripts/kraken.sh ws_subscribe_ticker '{"symbols":["BTC/USD"]}'
scripts/kraken.sh ws_subscribe_book '{"symbols":["ETH/USD"],"depth":10}'
scripts/kraken.sh wf_subscribe_ticker '{"product_ids":["PI_XBTUSD"]}'
scripts/kraken.sh ws_status '{}'

# Account (needs API keys)
scripts/kraken.sh get_balance '{}'
scripts/kraken.sh futures_open_positions '{}'

# Trading (needs API keys) ⚠️ REAL MONEY
scripts/kraken.sh place_order '{"pair":"XBTUSD","direction":"buy","order_type":"limit","volume":"0.001","price":"50000","validate":true}'
scripts/kraken.sh ws_add_order '{"symbol":"BTC/USD","side":"buy","order_type":"limit","limit_price":"50000","order_qty":"0.001","validate":true}'

Tools Reference

See references/tools.md for full parameter docs on all 114 tools.

Safety Rules

  • ALWAYS use validate: true first when placing orders
  • ALWAYS confirm with the user before placing real orders
  • NEVER place orders without explicit user approval
  • Market orders execute IMMEDIATELY — prefer limit orders
  • Display validation result and ask for confirmation before removing validate
  • Trading tools are marked with ⚠️ REAL MONEY in their descriptions
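
An added example (not part of the skill or of tentactl): a small gate that a wrapper could run before forwarding a tool call, enforcing the rules above. The tool descriptions in SAMPLE_TOOLS are constructed, and OrderGate and its return strings are hypothetical names.

```python
import hashlib
import json

MARKER = "REAL MONEY"  # the page says trading tools carry this in their descriptions

# Constructed sample of MCP tool metadata; real descriptions come from tentactl.
SAMPLE_TOOLS = [
    {"name": "get_ticker", "description": "Get ticker information for a pair"},
    {"name": "place_order", "description": "REAL MONEY: place a spot order"},
]


class OrderGate:
    """Hypothetical pre-flight check: validate first, then approve, then execute."""

    def __init__(self, tools):
        self.trading = {t["name"] for t in tools if MARKER in t.get("description", "")}
        self.validated = set()  # fingerprints of orders that were already dry-run

    @staticmethod
    def _fingerprint(tool, args):
        # An order's identity is everything except the validate flag itself.
        body = {k: v for k, v in args.items() if k != "validate"}
        return hashlib.sha256(json.dumps([tool, body], sort_keys=True).encode()).hexdigest()

    def check(self, tool, args_json, approved=False):
        args = json.loads(args_json)
        if tool not in self.trading:
            return "allow"
        fp = self._fingerprint(tool, args)
        # Only a JSON boolean true counts as a dry run; the string "true" fails closed.
        if args.get("validate") is True:
            self.validated.add(fp)
            return "allow-dry-run"
        if fp not in self.validated:
            return "deny: not validated first"
        if not approved:
            return "deny: no explicit user approval"
        self.validated.discard(fp)  # one validation plus approval covers one live order
        return "allow-live"
```

Because the fingerprint covers every argument, changing the price or volume after the dry run requires a new validation before the live order is allowed.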

Trading Pairs

  • Spot REST: Kraken format — XBTUSD, ETHUSD, SOLUSD
  • Spot WebSocket: Standard format — BTC/USD, ETH/USD, SOL/USD
  • Futures: Product IDs — PI_XBTUSD, PI_ETHUSD, PF_SOLUSD

Automation Patterns

DCA (Dollar Cost Average)

openclaw cron add --schedule "0 9 * * 1" --task 'Buy $50 of BTC on Kraken using the kraken skill. Use validate first, then execute.'

Price Alerts

Subscribe to WebSocket ticker, check thresholds in heartbeat/cron, notify via WhatsApp/Telegram.

Portfolio Monitoring

Cron job that checks balances + positions + current prices, calculates P&L, alerts on significant changes.

Funding Rate Arbitrage

Subscribe to futures tickers, monitor funding rates, alert when rates diverge significantly.
