ClawHub

ZKE Exchange Trading Skill

ZKE AI Master Trader (Official). Control spot and futures trading, manage assets, and access real-time market data on ZKE Exchange.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 35 · 0 current installs · 0 all-time installs
by@ZKE-Exchange
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description request ZKE API keys and the bundle contains Python and TypeScript code that implements spot/futures trading, transfers, withdrawals, and WebSocket market data. Requiring python3 and npm is consistent with the provided Python runtime and local TypeScript bridge.
Instruction Scope
SKILL.md instructs running the provided install_openclaw_plugin.sh and setting ZKE_API_KEY/ZKE_SECRET_KEY only. The README claim 'does not generate or use local plaintext configuration files' is mostly true for credentials (they come from env vars), but the installer creates a local virtualenv (.venv) and compiles/installs the plugin locally; the runtime code exposes many trading/withdrawal operations via MCP tools.
Install Mechanism
No external arbitrary binary downloads; installer runs npm install/build and pip install from requirements.txt and registers the plugin via the openclaw CLI. This is expected but causes network pulls of npm/pip packages (normal but should be reviewed). The install script also requires the host to have the openclaw CLI available.
Credentials
Only ZKE_API_KEY and ZKE_SECRET_KEY are required which is proportionate for an exchange integration. However the code includes withdrawal and transfer functionality — so API keys with withdrawal permission would allow asset movement. SKILL.md itself recommends disabling withdrawals and using IP whitelisting; that advice should be followed.
Persistence & Privilege
always:false (no forced always-on). The skill exposes MCP tools (mcp.tool) that the agent can invoke (disable-model-invocation is false by default), which is normal for skills. Consider whether you want the agent to be allowed to autonomously invoke trading/withdrawal actions.
Assessment
This package appears to implement exactly what it says (trading, transfers, withdrawals, market data). Before installing: (1) Verify the publisher/repository links (homepage and GitHub) and confirm the code origin. (2) Create API keys limited to Read/Trade only (disable Withdrawals) and enable IP whitelisting — do not supply a withdrawal-enabled key unless you explicitly trust the source. (3) Review package.json and requirements.txt for third-party dependencies you don't expect. (4) Run the installer in an isolated environment (container or VM) and inspect the built plugin before enabling in production. (5) Consider disabling autonomous model invocation for this skill or require manual confirmation for any action that moves funds. If you want higher assurance, ask the maintainer for a signed release or official distribution channel and/or perform an independent code audit of the included files.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.13
Download zip
BTCvk9791baatws0ygjaa2pzhj4dqh83773nBitcoinvk9791baatws0ygjaa2pzhj4dqh83773nCrypto Exchangevk9791baatws0ygjaa2pzhj4dqh83773nETHvk9791baatws0ygjaa2pzhj4dqh83773nEthereumvk9791baatws0ygjaa2pzhj4dqh83773nZKEvk9791baatws0ygjaa2pzhj4dqh83773nautomationvk971c9q304g6fkn6gn266easgd837hrnbtcvk971c9q304g6fkn6gn266easgd837hrncryptovk971c9q304g6fkn6gn266easgd837hrnethvk971c9q304g6fkn6gn266easgd837hrnexchangevk971c9q304g6fkn6gn266easgd837hrnfinancevk971c9q304g6fkn6gn266easgd837hrnlatestvk971c9q304g6fkn6gn266easgd837hrnmcpvk971c9q304g6fkn6gn266easgd837hrnsdkvk971c9q304g6fkn6gn266easgd837hrntradingvk971c9q304g6fkn6gn266easgd837hrnzkevk971c9q304g6fkn6gn266easgd837hrnzke-exchangevk973g8nxdrc2q71qx20nq041x9837dba

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, npm
EnvZKE_API_KEY, ZKE_SECRET_KEY
Primary envZKE_API_KEY

SKILL.md

ZKE Exchange Trading Skill (Official)

The Official OpenClaw (MCP) implementation for secure, conversational trading on ZKE Exchange.

🔒 Security Architecture (Strict Compliance)

  • No Plaintext Storage: This plugin does not generate or use local plaintext configuration files (e.g., no config.json).
  • Standard Environment Variables: Authentication strictly relies on standard MCP environment variables to ensure your credentials remain secure.
  • Least Privilege & Withdrawals: This SDK explicitly supports asset transfers and withdrawals. We strongly recommend that your API Keys have Withdrawals Disabled and are restricted to Read/Trade only. Always enforce IP Whitelisting in your ZKE API management console.
  • Local Build Only: The included installer strictly builds local TypeScript/Python dependencies and registers the plugin. It does not fetch executable code from remote, unverified sources during runtime.

🛠️ Installation & Setup

  1. Compile & Register Plugin: Run the bundled secure build script. This will set up the Python virtual environment and compile the local TypeScript bridge: 
    bash install_openclaw_plugin.sh

2.Configure Environment Variables (Required): You must provide the following environment variables in your OpenClaw host configuration to enable trading capabilities:

ZKE_API_KEY: Your ZKE API Access Key

ZKE_SECRET_KEY: Your ZKE API Secret Key

🪄 Magic Prompts "What is the current market depth for ASTER/USDT?"

"Place a limit sell order for 10 ASTER at 0.85."

"Transfer 100 USDT from my Spot account to my Futures account."

"Show my recent trading history on ZKE."

🔗 Official Resources Website: https://zke.com

Interactive Guide: https://support.zke.com/skills/

GitHub Repository: https://github.com/ZKE-Exchange/zke-trading-sdk

Licensed under MIT-0. Developed by ZKE Exchange AI Division.

Files

41 total
Select a file
Select a file to preview.

Comments

Loading comments…