← Back to Skills Marketplace
oscraters

Kraken CLI

by oscraters · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
317
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install kraken-cli
Description
Use a Bash CLI to query Kraken Spot and Futures APIs, inspect account state, run guarded trading and funding actions, and work with Kraken websocket payloads...
README (SKILL.md)

OpenClaw Kraken

Use {baseDir}/bin/openclaw-kraken for Kraken Spot REST tasks.

Use when

  • The user wants Kraken market data.
  • The user wants Kraken account state from private REST endpoints.
  • The user wants guarded order placement, funding, earn, futures, subaccount, or websocket actions through a local Bash tool instead of ad hoc curl commands.

Rules

  • Never print API secrets, signatures, or raw auth headers.
  • Read secrets from the environment only. In OpenClaw, inject them via secret refs rather than plaintext config.
  • Refuse to run if required config is missing or malformed.
  • Use configured base URLs only. Do not accept arbitrary destination URLs.
  • Preserve stdout for API results; use --jq or --compact when structured formatting is needed.
  • Prefer read-only endpoints unless the user clearly asked for a state-changing action.
  • For state-changing aliases such as trading, withdrawal, earn allocation, or subaccount transfer operations, require --confirm.

Commands

  • market time
  • market ticker --pair XBTUSD
  • account balance
  • funding deposit-methods --asset ETH
  • earn strategies --ascending true
  • futures call market.tickers
  • ws spot-public --message-json '{"method":"ping"}'
  • orders add --pair XBTUSD --side buy --type limit --volume 0.01 --price 25000 --time-in-force GTC --post-only true --confirm
  • call funding.withdraw-info --asset ETH --key MyWallet --amount 0.5

Configuration

  • Non-secret config is read from environment or OPENCLAW_KRAKEN_CONFIG.
  • Secrets must be provided via environment variables that OpenClaw resolves from secret refs.
  • See {baseDir}/README.md for examples.
Usage Guidance
This skill looks like a genuine Kraken CLI, but there are important mismatches you should clear up before installing or giving it real API secrets: - Confirm required secrets: The code needs KRAKEN_API_SECRET (and futures secrets) in addition to the declared KRAKEN_API_KEY; the registry metadata should be updated to list all required secret env vars. Do not provide real keys until you confirm which secrets are requested. - Confirm required binaries: The runtime validates node, base64, od and may require jq for certain output modes, but SKILL.md only lists bash, curl, openssl. Ensure your environment has the actual binaries the code checks for. - Missing artifacts: The manifest does not include the CLI entrypoint (bin/openclaw-kraken) nor the endpoints TSV files referenced by the code. Ask the publisher to provide the missing files or an updated package — otherwise the skill will fail or behave unexpectedly. - Network destinations: The code enforces use of configured base URLs for REST, but the websocket helper accepts arbitrary --url in examples. If you plan to allow autonomous invocation, restrict allowed destination URLs or audit any --url input to avoid connecting to untrusted endpoints. - Secrets handling: The skill claims to read secrets from environment only and to redact secrets from logs; the implementation contains explicit redaction and signing code, which looks consistent. Nevertheless, only provide secrets via OpenClaw secret refs (not plaintext) and test in simulated mode first (KRAKEN_SIMULATE=true) with non-production keys. If the publisher can update SKILL.md/registry metadata to list all required env vars and binaries and supply the missing CLI and endpoints files, this skill would become coherent and more trustworthy. Until then treat it as suspicious and avoid supplying production credentials or enabling autonomous runs.
Capability Analysis
Type: OpenClaw Skill Name: kraken-cli Version: 1.0.0 The bundle is a legitimate and well-structured integration for the Kraken cryptocurrency exchange. It includes robust security guardrails, such as automated secret redaction in logs (lib/kraken_redact.sh), strict validation of API paths and base URLs (lib/kraken_validate.sh), and mandatory confirmation flags for state-changing operations like trading or withdrawals. The instructions in SKILL.md explicitly reinforce security best practices for the AI agent, and no indicators of data exfiltration, obfuscation, or unauthorized remote execution were found.
Capability Assessment
Purpose & Capability
The skill's name and description (Kraken CLI for spot/futures/ws) match the code and docs. However the registry/SKILL metadata under-reports required runtime state: the code requires private secrets (KRAKEN_API_SECRET, KRAKEN_FUTURES_API_SECRET, etc.) and many non-secret settings (KRAKEN_API_VERSION, futures base URL, websocket URLs) that are not declared as required in the skill metadata. Requiring API keys is expected for this purpose, but the metadata should list all required secrets/config so callers know what will be requested.
Instruction Scope
SKILL.md instructs the agent to use a local CLI (bin/openclaw-kraken) and to only read secrets from environment, validate base URLs, and refuse missing config. The code enforces those guardrails. However the manifest does not include the CLI binary (bin/openclaw-kraken) or the config endpoint TSVs the runtime validates/reads; those missing artifacts are required for normal operation. The ws helper also accepts arbitrary --url in some commands, which is allowed by examples but nominally conflicts with the SKILL.md rule to 'Use configured base URLs only' unless the operator explicitly uses the open 'ws open' command — this expands the network destination surface and should be noted.
Install Mechanism
The skill is instruction-only (no external download/install spec), and all code is included in the bundle. There is no external installer or network download during install, which is low risk in itself.
Credentials
Registry metadata declares KRAKEN_API_BASE_URL and KRAKEN_API_KEY (primary) but the runtime requires additional secrets and envs: KRAKEN_API_SECRET, KRAKEN_FUTURES_API_KEY, KRAKEN_FUTURES_API_SECRET, KRAKEN_API_VERSION, KRAKEN_FUTURES_API_BASE_URL, KRAKEN_WS_* URLs, and others. Required binaries validated by the code include node, base64, od and optionally jq; the declared required binaries only list bash, curl, openssl. The mismatch means the skill may request secrets or binaries at runtime that were not advertised.
Persistence & Privilege
always is false and the skill does not request to be force-included. disable-model-invocation is false (normal). The skill does not appear to modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kraken-cli
  3. After installation, invoke the skill by name or use /kraken-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release—migrates Kraken crypto skill from Python scripts to a modular Bash CLI: - Replaces Python implementation (kraken_api.py, kraken_cli.py) with Bash CLI under bin/openclaw-kraken and supporting shell/lib scripts. - Adds structured documentation, including usage examples, caveats, and full command references for Spot, Earn, Funding, and Futures APIs. - Introduces support for OpenClaw-managed secret injection and safer config/secret handling. - All primary functions (market data, account state, funding, earn, orders) are implemented as Bash functions/scripts. - Implements strict security and confirmation rules for state-changing operations. - Includes comprehensive test scripts and configuration examples.
Metadata
Slug kraken-cli
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Kraken CLI?

Use a Bash CLI to query Kraken Spot and Futures APIs, inspect account state, run guarded trading and funding actions, and work with Kraken websocket payloads... It is an AI Agent Skill for Claude Code / OpenClaw, with 317 downloads so far.

How do I install Kraken CLI?

Run "/install kraken-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Kraken CLI free?

Yes, Kraken CLI is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Kraken CLI support?

Kraken CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Kraken CLI?

It is built and maintained by oscraters (@oscraters); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments