ClawHub

Binance API

v1.0.0

Operate Binance Spot APIs through safe REST, WebSocket, and SDK workflows with signed requests, rate-limit control, and testnet-first execution.

3· 1k·12 current·12 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the declared requirements: curl/openssl/jq and BINANCE_API_KEY/ BINANCE_API_SECRET are appropriate for signing and calling Binance Spot endpoints. Declared endpoints and SDK guidance align with the stated purpose.
Instruction Scope
SKILL.md is instruction-only and stays within Binance operations (REST/WS/signing/rate limits). It instructs creating and writing operational files under ~/binance (memory.md, runbooks.md, incidents.md, snapshots) which is reasonable for runbook/history storage. Minor mismatch: several optional environment variables referenced in docs (BINANCE_BASE_URL, BINANCE_WS_BASE, BINANCE_TESTNET) are not listed in the declared requires.env—these are optional, but the agent may read them if present.
Install Mechanism
No install spec and no code files — lowest-risk instruction-only skill. It does shell-based signing examples using openssl/curl/jq which are declared required binaries.
Credentials
Only BINANCE_API_KEY and BINANCE_API_SECRET are required, which are proportional to the trading/troubleshooting purpose. No unrelated credentials or broad-scoped secrets are requested.
Persistence & Privilege
The skill writes and maintains local state under ~/binance and recommends file permissions (chmod 700/600). It does not request always:true, does not modify other skills, and requires explicit confirmation before production orders per the docs. User should be aware of what is stored locally and that the agent will write those files.
Assessment
This skill appears coherent for interacting with Binance. Before installing: 1) Use testnet keys first and keep production keys disabled until you confirm flows. 2) Provide API credentials with minimal privileges (e.g., restrict IPs, limit permissions) and rotate keys regularly. 3) Ensure BINANCE_API_SECRET is never stored in repository files or in the local runbook files; verify ~/binance contents to confirm only metadata/runbooks are saved. 4) Note the docs reference optional env vars (BINANCE_BASE_URL, BINANCE_WS_BASE, BINANCE_TESTNET) that the agent may read if set — review your environment before use. 5) Confirm the agent prompts for explicit approval before placing any production orders (the SKILL.md says it will, but enforce that policy if your platform allows). If you want higher assurance, request the skill author to declare the optional env vars explicitly in metadata and to provide an auditable confirmation step for any production trade.

Like a lobster shell, security has layers — review code before you run it.

latestvk978d91xhg6afxdkm9adweryb5826br7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
OSLinux · macOS · Windows
Binscurl, openssl, jq
EnvBINANCE_API_KEY, BINANCE_API_SECRET

Comments