ClawHub

Bitstamp Trader

v1.0.0

Safety-first Bitcoin and crypto trading on Bitstamp via CLI. Use when the user wants to check crypto prices, view account balance, place buy/sell orders, man...

0· 350·1 current·1 all-time
byZhen@zhen08
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the contained script and docs. The only secrets referenced are BITSTAMP_API_KEY and BITSTAMP_API_SECRET (used for private Bitstamp API calls), which is appropriate for a trading CLI. There are no unrelated credentials or external services requested.
Instruction Scope
SKILL.md limits actions to fetching market data and trading via the included script. It directs the agent to use environment variables for keys, keep dry-run by default, and use explicit --live for real trades. The script reads/writes config and audit files under ~/.config/bitstamp-trader (documented in safety.md) — this is expected for local CLI tooling and safety logging. No instructions reference unexpected system files or external endpoints beyond Bitstamp/CCXT.
Install Mechanism
No automatic install step is provided. The script depends on ccxt and suggests activating a local .venv and installing ccxt; it does not download arbitrary archives or execute remote installers. This reduces install-time risk.
Credentials
The skill asks for BITSTAMP_API_KEY and BITSTAMP_API_SECRET for live trades only, which is proportional. It also supports an optional BITSTAMP_CONFIG_DIR override. The README explicitly recommends trade-only API permissions and IP whitelisting. There are no unexplained SECRET/TOKEN env vars.
Persistence & Privilege
The skill does write local state (audit.jsonl, daily_volume.json, KILL_SWITCH) under ~/.config/bitstamp-trader to implement audit and kill-switch functionality, which is reasonable for a trading CLI. It does not request always:true nor modify other skills or system-wide agent settings.
Assessment
This skill appears coherent with its purpose, but follow best practices before using it with live funds: 1) Review the full script yourself (or have someone you trust review it) to confirm there are no hidden network endpoints or data exfiltration paths. 2) Create a Bitstamp API key with Orders (trading) only and explicitly disable Withdrawals; enable IP whitelisting. 3) Test extensively in dry-run mode and with small amounts if you enable --live. 4) Keep API keys in environment variables as recommended and never paste them into chat. 5) Be aware the skill will write logs and a kill-switch file to ~/.config/bitstamp-trader; if you need a different location set BITSTAMP_CONFIG_DIR. 6) Install and run inside a dedicated virtual environment (the code checks for .venv) so dependencies like ccxt are isolated.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f88j9986b9008rsg1addc4x81z2yf
350downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Zhen@zhen08
latest
Download

Bitstamp Trader

Safety-first crypto trading CLI powered by CCXT.

Quick Reference

All commands use the script at scripts/bitstamp.py. Run via:

python3 scripts/bitstamp.py <command> [options]

Market Data (no auth needed)

python3 scripts/bitstamp.py ticker                    # BTC/USD price
python3 scripts/bitstamp.py ticker -m ETH/USD         # ETH price
python3 scripts/bitstamp.py orderbook -m BTC/USD -d 5 # Top 5 order book
python3 scripts/bitstamp.py markets --all              # All available pairs

Account (requires API keys)

python3 scripts/bitstamp.py balance           # Account balances
python3 scripts/bitstamp.py orders            # Open orders
python3 scripts/bitstamp.py trades --limit 10 # Recent trade history

Trading (dry-run by default)

# Dry-run (simulation)
python3 scripts/bitstamp.py buy 0.001 -m BTC/USD              # Market buy
python3 scripts/bitstamp.py buy 0.001 -m BTC/USD -p 50000     # Limit buy
python3 scripts/bitstamp.py sell 0.5 -m ETH/USD               # Market sell

# Live execution (add --live)
python3 scripts/bitstamp.py buy 0.001 -m BTC/USD --live       # REAL market buy
python3 scripts/bitstamp.py sell 0.5 -m ETH/USD -p 4000 --live

Order Management

python3 scripts/bitstamp.py cancel --order-id 12345 -m BTC/USD
python3 scripts/bitstamp.py cancel --all   # Cancel all open orders

Safety Controls

python3 scripts/bitstamp.py kill-switch                         # EMERGENCY STOP
python3 scripts/bitstamp.py kill-switch --status                # Check status
python3 scripts/bitstamp.py kill-switch --deactivate            # Resume trading
python3 scripts/bitstamp.py config                              # View safety limits
python3 scripts/bitstamp.py config --set max_order_size_usd=200 # Adjust limits
python3 scripts/bitstamp.py audit --limit 30                    # View audit log

Setup

  1. Set API keys as environment variables:

    export BITSTAMP_API_KEY="your-key"
export BITSTAMP_API_SECRET="your-secret"

  2. On Bitstamp, create an API key with Orders permission only (NO Withdrawals). Enable IP whitelisting.

  3. Test with: python3 scripts/bitstamp.py ticker

Safety Details

See references/safety.md for full safety architecture:

  • Dry-run default, kill switch, max order size, daily limits, price sanity checks

API Details

See references/api-reference.md for Bitstamp API specifics, permissions, and rate limits.

Important Rules

  • NEVER place live orders without explicit user confirmation. Always dry-run first.
  • NEVER store API keys in files. Use environment variables only.
  • When user says "buy" or "sell" without --live, always run as dry-run and show what WOULD happen.
  • For live trades, always show the dry-run result first, then ask for confirmation before adding --live.
  • If anything seems wrong (price spike, unusual volume, API errors), activate the kill switch.
  • Log everything. Check audit log when debugging issues.

Comments

Loading comments...