Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kraken CLI

v1.2.0

Use a Bash CLI to query Kraken Spot and Futures APIs, inspect account state, run guarded trading and funding actions, and work with Kraken websocket payloads...

by Gabriel Chiappa (@gabriel-0110), fork of @oscraters/kraken-cli

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gabriel-0110/kraken-spot.

Install the skill "Kraken CLI" (gabriel-0110/kraken-spot) from ClawHub.
Skill page: https://clawhub.ai/gabriel-0110/kraken-spot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: KRAKEN_API_BASE_URL
Required binaries: bash, curl, openssl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install kraken-spot

ClawHub CLI

npx clawhub@latest install kraken-spot
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill's name/description (Kraken Spot/Futures CLI) matches the code: the CLI implements public, private, futures, and websocket flows and will legitimately need Kraken API keys/secrets for private endpoints. However, the registry metadata and SKILL.md only declare KRAKEN_API_BASE_URL and a primaryEnv KRAKEN_API_KEY; the implementation also requires KRAKEN_API_SECRET, KRAKEN_FUTURES_API_KEY, and KRAKEN_FUTURES_API_SECRET for private/futures calls. That mismatch between the stated requirements and the credentials actually needed is an incoherence.
Instruction Scope (flagged)
SKILL.md instructs the agent to run the local bin/openclaw-kraken CLI and to read secrets from environment (OpenClaw secret refs). The instructions themselves are scoped to Kraken APIs. The problem: the SKILL.md metadata omits several environment variables and runtime binaries that the code actually reads/uses (see environment_proportionality and install_mechanism). The code reads many env vars (KRAKEN_API_SECRET, KRAKEN_FUTURES_API_KEY/SECRET, KRAKEN_OTP, KRAKEN_REQUIRE_CONFIRM, etc.) and may invoke a Node websocket client; SKILL.md does not list those explicitly in the published requires block.
Install Mechanism
This skill is instruction-only in the registry (no remote install script), and all code is included in the bundle (no downloads from arbitrary URLs) — low install risk. Minor oddities: the CLI shebang points to /opt/homebrew/bin/bash (non-portable) and the skill includes a Node script (scripts/ws_client.mjs) but the metadata does not list node as a required runtime.
Credentials (flagged)
Metadata declares only KRAKEN_API_BASE_URL and marks KRAKEN_API_KEY as primary, but the code requires additional secrets: KRAKEN_API_SECRET for private REST signing, plus KRAKEN_FUTURES_API_KEY and KRAKEN_FUTURES_API_SECRET for futures private endpoints. The code also expects utilities like base64 and od and may require jq for some output modes. The registry/metadata under-declares sensitive env vars and runtime dependencies, which is disproportionate and could lead to silent failures or unexpected secret exposure if the platform doesn't inject those secrets.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request system-wide config changes or other skills' credentials. Autonomous invocation (disable-model-invocation:false) is the platform default; by itself this is not flagged, and here it does not combine with other escalation markers.
What to consider before installing
This appears to be a genuine Kraken CLI, but the published metadata is incomplete: the code needs KRAKEN_API_SECRET and futures API secrets (and may need node, base64, od, jq) even though the skill only declared KRAKEN_API_BASE_URL and KRAKEN_API_KEY. Before installing:

  • Ask the publisher to update SKILL.md/registry metadata to list all required secret environment variables and runtime binaries.
  • Confirm how OpenClaw will inject the additional secrets (KRAKEN_API_SECRET, KRAKEN_FUTURES_API_KEY/SECRET) as secret refs rather than plaintext.
  • If you will allow agent-autonomous invocation, ensure you trust the skill, because it can place trades and withdraw funds (state-changing operations require --confirm, but that behavior can be changed via KRAKEN_REQUIRE_CONFIRM).
  • Review the included test files (they contain example secret strings) and ensure no real secrets are embedded.

If you cannot obtain an updated, complete metadata manifest from the publisher, treat the skill as risky and avoid installing it into agents that have access to real exchange API credentials.
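The metadata-versus-code check the scan recommends can be made mechanical before install. The following is an added example, not code from the skill or from the ClawHub scanner: a small Python audit that compares the env vars and external commands a Bash script actually references against the runtime requirements the page declares. The sample script body, the command-detection regex, the builtin list and the set of portable shebangs are assumptions of this example.

```python
import re

# Runtime requirements as declared on the skill page (constructed input for this audit).
DECLARED_ENV = {"KRAKEN_API_BASE_URL", "KRAKEN_API_KEY"}
DECLARED_BINS = {"bash", "curl", "openssl"}

# Constructed stand-in for the bundled Bash CLI. It mirrors the patterns the scan
# describes (extra secrets, helper tools, a Node websocket client, a Homebrew shebang)
# but is not the skill's real source.
SAMPLE_SCRIPT = r'''#!/opt/homebrew/bin/bash
: "${KRAKEN_API_BASE_URL:?missing}"
key="${KRAKEN_API_KEY:?missing}"
secret="$KRAKEN_API_SECRET"
otp="${KRAKEN_OTP:-}"
require_confirm="${KRAKEN_REQUIRE_CONFIRM:-1}"
nonce=1700000000
body="nonce=$nonce"
sig=$(printf '%s' "$nonce$body" | openssl dgst -sha512 -hmac "$secret" -binary | base64)
curl -s -H "API-Key: $key" -H "API-Sign: $sig" "$KRAKEN_API_BASE_URL/0/private/Balance" | jq .
node scripts/ws_client.mjs
'''

ENV_REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)")
# A command name is the first word of a line, of a pipeline stage, or of a $( ... ) substitution.
CMD_REF = re.compile(r"(?:^|\||\$\(|&&|;)\s*([a-z][\w./-]*)(?=[\s)]|$)", re.M)
SHELL_BUILTINS = {"printf", "echo", "set", "local", "export", "exit", "read", "shift", "test"}
PORTABLE_SHEBANGS = {"#!/bin/bash", "#!/usr/bin/env bash", "#!/bin/sh", "#!/usr/bin/env sh"}


def audit_script(text, declared_env, declared_bins):
    """Compare what a script actually reads and runs with what its metadata declares."""
    env_used = set(ENV_REF.findall(text))
    bins_used = set(CMD_REF.findall(text)) - SHELL_BUILTINS
    first_line = text.splitlines()[0] if text else ""
    return {
        "undeclared_env": sorted(env_used - declared_env),
        "undeclared_bins": sorted(bins_used - declared_bins),
        "nonportable_shebang": first_line.startswith("#!") and first_line not in PORTABLE_SHEBANGS,
    }


def audit_sample():
    return audit_script(SAMPLE_SCRIPT, DECLARED_ENV, DECLARED_BINS)


if __name__ == "__main__":
    for finding, value in audit_sample().items():
        print(f"{finding}: {value}")
```

Run it against the real bin/openclaw-kraken source once the bundle is unpacked; any secret-looking name in undeclared_env is a candidate for a missing secret ref in the registry metadata.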


Runtime requirements

Bins: bash, curl, openssl
Env: KRAKEN_API_BASE_URL
Primary env: KRAKEN_API_KEY
Latest: vk97fqr9x0aq8vw7hn597dnd63x82xa4q
275 downloads
0 stars
2 versions
Updated 23h ago
v1.2.0
MIT-0

OpenClaw Kraken

Use {baseDir}/bin/openclaw-kraken for Kraken Spot REST tasks.

Use when

  • The user wants Kraken market data.
  • The user wants Kraken account state from private REST endpoints.
  • The user wants guarded order placement, funding, earn, futures, subaccount, or websocket actions through a local Bash tool instead of ad hoc curl commands.

Rules

  • Never print API secrets, signatures, or raw auth headers.
  • Read secrets from the environment only. In OpenClaw, inject them via secret refs rather than plaintext config.
  • Refuse to run if required config is missing or malformed.
  • Use configured base URLs only. Do not accept arbitrary destination URLs.
  • Preserve stdout for API results; use --jq or --compact when structured formatting is needed.
  • Prefer read-only endpoints unless the user clearly asked for a state-changing action.
  • For state-changing aliases such as trading, withdrawal, earn allocation, or subaccount transfer operations, require --confirm.

Commands

  • market time
  • market ticker --pair XBTUSD
  • account balance
  • funding deposit-methods --asset ETH
  • earn strategies --ascending true
  • futures call market.tickers
  • ws spot-public --message-json '{"method":"ping"}'
  • orders add --pair XBTUSD --side buy --type limit --volume 0.01 --price 25000 --time-in-force GTC --post-only true --confirm
  • call funding.withdraw-info --asset ETH --key MyWallet --amount 0.5

Configuration

  • Non-secret config is read from environment or OPENCLAW_KRAKEN_CONFIG.
  • Secrets must be provided via environment variables that OpenClaw resolves from secret refs.
  • See {baseDir}/README.md for examples.
