ZKE Exchange Trading Skill
Audited by ClawScan on May 18, 2026.
Overview
This appears to be a real ZKE trading integration, but it gives the agent live trading, transfer, and withdrawal powers through exchange API keys without clear built-in confirmations or limits.
Install only if you intentionally want OpenClaw to help manage a ZKE account. Use a dedicated API key with withdrawals disabled, IP whitelisting, minimal spot/futures permissions, and host-level approval for every trade, transfer, withdrawal, leverage, margin, or bulk-cancel action. Verify the publisher/source before running the installer.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could place real trades if it misinterprets a prompt or is given an overly broad instruction.
The MCP server exposes a tool that places live spot orders through the exchange API. The artifact does not show a built-in confirmation step, spend limit, or dry-run default before the mutation.
    @mcp.tool()
    def create_spot_order(symbol: str, side: str, order_type: str, volume: str, price: str = "") -> Dict[str, Any]:
        ...
        data, result = order_service.create_order(...)
Use a dedicated low-privilege API key, require host-level approval before order tools run, and test first with read-only or sandbox credentials if available.
If the configured API key has withdrawals enabled, funds could be sent out of the account.
The withdrawal helper constructs and submits a withdrawal request to the exchange. Withdrawals are high-impact and often irreversible, and this code path does not show an allowlist or explicit confirmation gate.
    body = {
        "symbol": safe_coin,
        "address": str(address).strip(),
        "amount": str(amount).strip(),
        "withdrawOrderId": safe_wo_id,
    }
    result = api.withdraw_apply(body)
Disable withdrawals on any API key used with this skill, use IP whitelisting, and avoid installing the skill with keys that can withdraw funds.
A single mistaken tool call could cancel many open futures orders at once.
The bulk-cancel function allows an empty body when no contract is supplied, which can make one omitted or mistaken parameter affect all futures orders rather than one scoped order.
    def cancel_all_orders(self, contract_name: Optional[str] = None):
        body: Dict[str, Any] = {}
        if contract_name:
            body["contractName"] = contract_name
        return self.client.request("POST", "/fapi/v1/cancel_all", body=body, signed=True)
Require explicit user confirmation for bulk actions and prefer wrappers that force a contract or order list instead of allowing account-wide defaults.
A broadly scoped API key would give the agent broad control over the exchange account.
The skill requires exchange API credentials and acknowledges that those credentials may authorize transfers and withdrawals. The restriction is only a recommendation, not an enforced boundary in the artifacts.
Authentication strictly relies on standard MCP environment variables ... ZKE_API_KEY ... ZKE_SECRET_KEY ... This SDK explicitly supports asset transfers and withdrawals. We strongly recommend that your API Keys have Withdrawals Disabled and are restricted to Read/Trade only.
Create a separate ZKE API key with the narrowest permissions possible, disable withdrawals, restrict IPs, and revoke the key when no longer needed.
Credentials could be handled in a way users may not expect if they use these CLI commands.
A private WebSocket path accepts an API key or token as a command-line argument, which is less protected than the SKILL.md's environment-variable-only authentication description and can expose secrets through shell history or process listings.
    python3 main.py ws-futures-position-order 30 <apiKey|token>
    python3 main.py ws-spot-user-data 30 <apiKey|token>
    ...
    credential = sys.argv[3] if len(sys.argv) > 3 else None
Avoid passing exchange credentials on the command line; prefer OpenClaw-managed environment secrets and remove or guard CLI credential paths.
The installed dependency versions may vary over time or by environment.
The installer builds and enables the local plugin, but it also downloads dependencies from package managers during installation. The provided Python requirements are not fully pinned.
    npm install >/dev/null 2>&1 && npm run build
    ...
    pip install -r requirements.txt >/dev/null 2>&1
    ...
    openclaw plugins install .
Review the installer and dependency files, prefer pinned dependencies or lockfiles, and install only from a verified ZKE source.
