Kraken Exchange
Warn
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real Kraken integration, but it can control real-money trading and includes a scheduled-buy example that may execute trades without a fresh confirmation.
Install only if you are comfortable giving an agent access to Kraken. Use read-only keys unless you truly need trading, verify the tentactl binary source, avoid live DCA cron automation unless you intentionally want recurring trades, and require explicit confirmation before any real-money order.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A recurring task could place real Kraken trades automatically, causing financial loss if the task is wrong, runs at the wrong time, or is forgotten.
This example creates a scheduled real-money purchase and instructs the agent to execute after validation, without including the explicit per-run confirmation required elsewhere in the safety rules.
openclaw cron add --schedule "0 9 * * 1" --task "Buy $50 of BTC on Kraken using the kraken skill. Use validate first, then execute."
Do not schedule live trading unless you intentionally want recurring orders. Prefer validate-only or alert-only automation, require fresh confirmation before each live order, and keep trade amounts and API-key permissions tightly limited.
If the key is over-permissioned or mishandled, an agent or attacker could read account data and potentially place, modify, or cancel trades.
The skill tells users that authenticated trading requires Kraken API keys with order-creation permissions; this is expected for a trading integration but grants high-impact account authority.
Trading: also enable **Create & Modify Orders**
Use read-only Kraken keys for market data and portfolio checks. Only enable trading permissions when needed, avoid unnecessary permissions, and consider Kraken-side restrictions such as key limits or IP allowlisting.
This is purpose-aligned, but it moves exchange secrets from a password manager into a local file that any process running as the user may be able to read.
The setup helper can reveal Kraken credentials from 1Password and store them in a local plaintext environment file, protected with chmod 600.
op item get "$ITEM_ID" --fields label=API-key --reveal ... echo "KRAKEN_API_SECRET=$API_SECRET" >> "$ENV_FILE"; chmod 600 "$ENV_FILE"
Run the setup only on a trusted machine, inspect ~/.tentactl.env permissions, and remove the file when no longer needed.
A compromised or unexpected tentactl build would receive Kraken API access and could affect account data or trading actions.
The main functionality is delegated to an external binary installed from the package ecosystem or GitHub Releases; the artifact does not pin a version in the shown install command.
cargo install tentactl
Install tentactl only from a trusted source, pin or record the version you reviewed, and verify release provenance before using trading keys.
