Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coinbase

v1.0.0

Access Coinbase API to fetch balances, get EUR trading pairs, create market or limit crypto orders, and view order history and fills.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mtrab/openclaw-coinbase.

Install the skill "Coinbase" (mtrab/openclaw-coinbase) from ClawHub.
Skill page: https://clawhub.ai/mtrab/openclaw-coinbase
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install mtrab/openclaw-coinbase

ClawHub CLI

npx clawhub@latest install openclaw-coinbase

Security Scan

Capability signals: Crypto, Requires wallet, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The Python module implements Coinbase CDP API calls (balances, products, orders, fills) consistent with the skill description. However the registry metadata declares no required credentials or env vars, while the SKILL.md/README and the code require an API key and a PEM private key file — a mismatch between declared requirements and actual runtime needs.
Instruction Scope
Runtime instructions are narrowly scoped to Coinbase API usage (install cryptography/PyJWT, create .coinbase-api-key and .coinbase-api-secret files, call the provided functions). The instructions do not ask the agent to read unrelated system files or transmit data to non-Coinbase endpoints. Caveat: they require placing a private key file alongside the script, which raises local secrets-management concerns.
Install Mechanism
This is an instruction-only skill with no install spec and no external binary downloads; risk from installation mechanism is low. Dependencies are standard Python packages (cryptography, PyJWT) noted in README.
Credentials
The skill needs two sensitive secrets (API key and private key PEM) but declares no required env vars or primary credential in the registry. The code reads credential files from the script directory (.coinbase-api-key and .coinbase-api-secret), which is reasonably minimal for the stated purpose but the absence of declared credentials in metadata is an incoherence that should be resolved. Storing an unencrypted private key in the repo directory is a potential security risk.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and is user-invocable only. It does not request elevated persistent presence or system-wide changes.
What to consider before installing
What to check before installing:

  1. Confirm the skill source and author — registry owner ID (kn7df...) does not match the _meta.json ownerId (@mtrab), which may indicate a copy/paste or provenance issue.
  2. The registry metadata declares no credentials but the code requires an API key and a PEM private key file; ensure you provide keys only if you trust the author.
  3. Prefer storing private keys in a secure location (environment variables or a secrets manager) rather than a plaintext file next to the script; if you must use files, restrict file permissions and don't commit them to version control.
  4. Review the script for any unexpected network endpoints (it contacts https://api.coinbase.com paths, which is expected) and validate that these endpoints match your intended Coinbase environment.
  5. Consider running the code in a restricted environment (dedicated VM/container, with least privileges) and test read-only operations (e.g., fetching balances/products) before allowing order creation.
  6. If you need higher assurance, request provenance (author identity, signed release) or prefer an officially published Coinbase integration.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97ajew3eqzj5vkfn9cderqpex8573cv
107 downloads
0 stars
1 version
Updated 1w ago
v1.0.0
MIT-0

Coinbase Skill

This skill provides access to the Coinbase trading API for crypto trading agents.

Features

  • Fetch account balances (EUR, BTC, etc.)
  • Get trading products (EUR pairs)
  • Create market and limit orders
  • View order history and fills

Usage

Get Balances

from scripts.coinbase import get_euro_balance, get_btc_balance, get_all_balances

eur = get_euro_balance()
btc = get_btc_balance()
all_balances = get_all_balances()

Get Products

from scripts.coinbase import get_eur_products, get_product

# All EUR trading pairs
products = get_eur_products()

# Specific product
btc_eur = get_product('BTC-EUR')

Create Orders

from scripts.coinbase import create_order

# Market buy order
result = create_order(
    product_id='BTC-EUR',
    side='BUY',
    size='0.001'  # Amount in base currency
)

# Limit order
result = create_order(
    product_id='BTC-EUR',
    side='BUY',
    size='0.001',
    price='45000',  # Limit price
    order_type='LIMIT'
)

Order History

from scripts.coinbase import get_fills, get_orders

# Recent trades
fills = get_fills()

# Specific product
fills_btc = get_fills(product_id='BTC-EUR')

# Order history
orders = get_orders()

Installation

Requirements

  • Coinbase API keys (CDP App)
  • Python 3 with the cryptography package

Setup

Create these files in the same directory as the script:

.coinbase-api-key     # Your API key
.coinbase-api-secret  # Your private key (PEM format)

Get API Keys

  1. Go to Coinbase Developer Platform
  2. Create a new App
  3. Copy API key and private key to the files
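
A loader that applies the scan's file-permission advice to the two credential files named in Setup, as an added example (not the skill's own code). It assumes a POSIX system; `read_secret_file`, `load_credentials` and `CredentialError` are hypothetical names, and the sample values are constructed placeholders.

```python
import os
import stat
import tempfile

KEY_FILE = ".coinbase-api-key"        # file names from the skill's Setup section
SECRET_FILE = ".coinbase-api-secret"


class CredentialError(Exception):
    """A credential file is missing, unsafe, or malformed."""


def read_secret_file(path):
    """Return the file's text only if it is a private regular file we own."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)  # never follow a symlink
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise CredentialError(f"{path}: cannot open ({exc.strerror})") from None
    try:
        st = os.fstat(fd)  # inspect the opened file, not the path (no TOCTOU gap)
        if not stat.S_ISREG(st.st_mode):
            raise CredentialError(f"{path}: not a regular file")
        if st.st_uid != os.getuid():
            raise CredentialError(f"{path}: not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialError(f"{path}: mode {stat.S_IMODE(st.st_mode):04o}, chmod 600")
        return os.read(fd, 65536).decode().strip()  # key files are small
    finally:
        os.close(fd)


def load_credentials(directory):
    """Load (api_key, pem) from the skill directory, refusing unsafe files."""
    api_key = read_secret_file(os.path.join(directory, KEY_FILE))
    pem = read_secret_file(os.path.join(directory, SECRET_FILE))
    if not (pem.startswith("-----BEGIN") and "PRIVATE KEY-----" in pem):
        raise CredentialError(f"{SECRET_FILE}: not a PEM private key")
    return api_key, pem


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed placeholders, not real keys
        samples = {KEY_FILE: "example-key-id",
                   SECRET_FILE: "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n"}
        for name, text in samples.items():
            fd = os.open(os.path.join(d, name), os.O_WRONLY | os.O_CREAT, 0o600)
            os.write(fd, text.encode())
            os.close(fd)
        print(load_credentials(d)[0])
```

`O_NOFOLLOW` only guards the final path component, so the directory holding the files needs the same ownership and mode discipline.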

Notes

  • All trades are in EUR pairs
  • Use side='BUY' or side='SELL'
  • size is in base currency (e.g., BTC, not EUR)
