ClawHub

Coinbase OpenAPI Skill

v1.0.0

Operate Coinbase Advanced Trade REST APIs through UXC with a curated OpenAPI schema, products-first discovery, and explicit JWT bearer auth guidance.

0· 144·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name, description, OpenAPI schema, and SKILL.md all align: this is a Coinbase Advanced Trade OpenAPI wrapper that expects to be run via the 'uxc' tool. The included schema, operations, and usage examples match the stated capabilities.
Instruction Scope
Runtime instructions only reference uxc, the Coinbase API host, and the curated OpenAPI schema; they instruct creating a local uxc credential, linking a CLI wrapper, and performing reads/writes with explicit guardrails. There are no instructions to read unrelated system files or transmit data to unknown endpoints.
Install Mechanism
No install spec is present (instruction-only), so nothing arbitrary will be fetched or written during installation. The only external content referenced is a schema hosted on raw.githubusercontent.com and api.coinbase.com, both expected for this purpose. A local validation script requires jq and rg for dev-time checks only.
Credentials
The skill itself declares no required env vars, but the instructions and examples reference COINBASE_KEY_ID and COINBASE_PRIVATE_KEY to be placed in a credential and bound to uxc's jwt_bearer_v1 signer. Requesting the Coinbase key id and ES256 private key is proportionate for minting Coinbase request-scoped JWTs, but the metadata/manifest omission of these env vars is a minor inconsistency that users should be aware of.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It relies on uxc for auth and execution and does not modify other skills or system configurations beyond recommending local credential creation via uxc.
Assessment
This skill appears to do what it says: it uses a curated OpenAPI schema and the 'uxc' tool to talk to Coinbase Advanced Trade. Before installing, verify you trust the 'uxc' binary and its auth binding behaviour (it will be used to store/mint short-lived JWTs). Be aware the instructions expect you to provide a Coinbase key id and a private key (COINBASE_KEY_ID and COINBASE_PRIVATE_KEY); these are highly sensitive — store them in a secure credential store and avoid pasting private keys into logs or chat. Note the manifest doesn't declare required env vars even though the docs reference them; confirm you understand where credentials will be stored and who/what can access them. If you do not fully trust autonomous agent actions, consider disabling autonomous invocation or require explicit user confirmation before performing any write (order create/cancel) operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk975k84hyny526p7bgnyzmtfhn82ze8q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Coinbase Advanced Trade Skill

Use this skill to run Coinbase Advanced Trade REST operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

  • uxc is installed and available in PATH.
  • Network access to https://api.coinbase.com.
  • Access to the curated OpenAPI schema URL:
    • https://raw.githubusercontent.com/holon-run/uxc/main/skills/coinbase-openapi-skill/references/coinbase-advanced-trade.openapi.json

Scope

This skill covers a curated Coinbase Advanced Trade surface for:

  • product and best-bid-ask market reads
  • account summary reads
  • order create, cancel, and lookup workflows

This skill does not cover:

  • Coinbase Exchange APIs
  • Coinbase Prime APIs
  • Coinbase Derivatives APIs
  • wallet or retail app product families outside Advanced Trade

Authentication

Public product endpoints can be read without credentials.

Private account and order endpoints require a Coinbase Advanced Trade bearer JWT. uxc now supports Coinbase's request-scoped JWT flow directly through jwt_bearer_v1, so you can store the API key id and private key in a credential and let uxc mint the short-lived bearer token per request.

Recommended v1 setup:

  1. Download or copy the Coinbase API key material:
    • key_id: organizations/{org_id}/apiKeys/{key_id}
    • private_key: Coinbase exports either -----BEGIN EC PRIVATE KEY----- or -----BEGIN PRIVATE KEY-----; uxc accepts both PEM forms for ES256.
  2. Store those values in a local credential.
  3. Bind the credential to api.coinbase.com with a jwt_bearer_v1 signer.
uxc auth credential set coinbase-advanced-trade \
  --auth-type api_key \
  --field key_id=env:COINBASE_KEY_ID \
  --field private_key=env:COINBASE_PRIVATE_KEY

uxc auth binding add \
  --id coinbase-advanced-trade \
  --host api.coinbase.com \
  --path-prefix /api/v3/brokerage \
  --scheme https \
  --credential coinbase-advanced-trade \
  --signer-json '{"kind":"jwt_bearer_v1","algorithm":"es256","private_key_field":"private_key","header_typ":"JWT","header_kid_field":"key_id","expires_in_seconds":120,"claims":{"static":{"iss":"cdp"},"from_fields":{"sub":"key_id"},"time":{"nbf":"now","exp":"now_plus_ttl"}},"request_claim":{"name":"uri","format":"string","value_template":"{{request.method}} {{request.host}}{{request.path}}"}}' \
  --priority 100

Validate the active mapping when auth looks wrong:

uxc auth binding match https://api.coinbase.com/api/v3/brokerage/accounts

Core Workflow

  1. Use the fixed link command by default:

    • command -v coinbase-openapi-cli
    • If missing, create it: uxc link coinbase-openapi-cli https://api.coinbase.com --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/coinbase-openapi-skill/references/coinbase-advanced-trade.openapi.json
    • coinbase-openapi-cli -h

  2. Inspect operation help before execution:

    • coinbase-openapi-cli get:/api/v3/brokerage/products -h
    • coinbase-openapi-cli get:/api/v3/brokerage/accounts -h
    • coinbase-openapi-cli post:/api/v3/brokerage/orders -h

  3. Prefer product reads before private account or order workflows:

    • coinbase-openapi-cli get:/api/v3/brokerage/products product_type=SPOT limit=20
    • coinbase-openapi-cli get:/api/v3/brokerage/best_bid_ask product_ids=BTC-USD,ETH-USD

  4. Treat all order placement and cancellation as high-risk writes.

Operations

  • get:/api/v3/brokerage/products
  • get:/api/v3/brokerage/products/{product_id}
  • get:/api/v3/brokerage/best_bid_ask
  • get:/api/v3/brokerage/accounts
  • get:/api/v3/brokerage/accounts/{account_uuid}
  • post:/api/v3/brokerage/orders
  • post:/api/v3/brokerage/orders/batch_cancel
  • get:/api/v3/brokerage/orders/historical/{order_id}
  • get:/api/v3/brokerage/orders/historical/batch

Guardrails

  • Keep automation on the JSON output envelope; do not use --text.
  • Parse stable fields first: ok, kind, protocol, data, error.
  • uxc mints a fresh short-lived Coinbase JWT on each private request; do not try to bind a stale pre-generated bearer token when jwt_bearer_v1 is available.
  • Coinbase exports ES256 private keys in more than one PEM form; this skill expects the raw downloaded PEM and does not require a manual PKCS#8 conversion step.
  • Treat post:/api/v3/brokerage/orders and post:/api/v3/brokerage/orders/batch_cancel as high-risk writes.
  • Keep initial product/account pulls narrow with small limit values.
  • coinbase-openapi-cli <operation> ... is equivalent to uxc https://api.coinbase.com --schema-url <coinbase_advanced_trade_openapi_schema> <operation> ....

References

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…