← Back to Skills Marketplace
1264
Downloads
0
Stars
2
Active Installs
14
Versions
Install in OpenClaw
/install trading-upbit-skill
Description
Upbit automated trading (aggressive breakout) with cron-friendly run-once commands, TopVolume monitoring, and percent-based budget splitting.
Usage Guidance
This skill appears to implement what it claims (an Upbit trading bot). Before installing: (1) run it in dry-run mode and use a test account or minimal funds; (2) inspect scripts/execution/upbitClient.js and scripts/config/index.js to confirm API host usage and how environment variables map to cfg.upbit (there are inconsistent env variable names in docs vs comments); (3) run node skill.js security_check to ensure only api.upbit.com URLs exist; (4) store keys in the platform secret store (not config.json), limit key permissions while testing, and rotate keys after use. If you don't want live trading, ensure execution.dryRun=true and verify the Upbit client will not send requests that aren't allowlisted. Finally, be aware that npm install will pull third-party dependencies (axios, jsonwebtoken, uuid) — audit them if you require stricter supply-chain controls.
Capability Analysis
Type: OpenClaw Skill
Name: trading-upbit-skill
Version: 1.0.14
The OpenClaw skill bundle is classified as benign. The code and documentation consistently demonstrate a strong focus on security, explicitly stating that it does not include telemetry or upload data, a claim verified by the `UpbitClient.js` which strictly allowlists `api.upbit.com` as the only external host and disables redirects. API keys are prioritized from environment variables, preventing hardcoding. A `securityCheck.js` script is provided for users to self-audit for unexpected external URLs. All file system operations are confined to the skill's local `resources/` directory for state management, and there is no evidence of malicious execution, persistence mechanisms, or prompt injection attempts against the AI agent.
Capability Assessment
Purpose & Capability
Name/description (Upbit automated trading) match the code and runtime instructions: the code implements monitoring, event enqueueing, position state, risk checks, and order execution via an Upbit client. Declared required binary (node) and credentials (Upbit API keys) are appropriate.
Instruction Scope
SKILL.md and skill.js instruct the agent to run monitor/worker/smoke_test and to store keys in env or config.json. Runtime behavior is limited to local files under resources/ and Upbit API calls. No instructions appear to read unrelated system files or transmit data to external hosts other than Upbit. Note: the docs recommend running a built-in security_check and dry-run first (good).
Install Mechanism
This is instruction-heavy with a package.json listing common dependencies (axios, jsonwebtoken, uuid). No install script or remote download URLs are present; user runs npm install locally which is expected for a Node skill.
Credentials
The skill only requires Upbit API keys (primary: UPBIT_ACCESS_KEY, UPBIT_SECRET_KEY) which is proportional. Minor inconsistency: SKILL.md/README/security text also mentions alternative names (UPBIT_OPEN_API_ACCESS_KEY / UPBIT_OPEN_API_SECRET_KEY) and skill.js comments reference these names too. The actual code uses loadConfig() to obtain cfg.upbit.accessKey/secretKey; verify scripts/config/index.js to confirm how environment variables are mapped to cfg.upbit to avoid misconfiguration.
Persistence & Privilege
always is false; the skill is user-invocable and does not request permanent platform-wide privileges or modify other skills. It creates and manages local resource files (events/positions/heartbeat) inside its own project root, which is expected for a cron-run bot.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trading-upbit-skill - After installation, invoke the skill by name or use
/trading-upbit-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.14
- Added SECURITY.md with clear installation and API key security guidance.
- Introduced scripts/security/securityCheck.js for easy repository URL self-checking.
- Security section now included at the top of documentation with best practices and a quick check command.
- No user-facing changes to trading logic or configuration.
v1.0.13
- Removed five resource files: events.json, heartbeat.json, nearCounter.json, positions.json, and topVolumeCache.json.
- No changes to public documentation or functionality indicated.
- Skill behavior and usage remain unchanged.
v1.0.12
- Added a .gitignore file for improved repository hygiene.
- Updated metadata to specify required environment variables: UPBIT_ACCESS_KEY and UPBIT_SECRET_KEY.
- Declared UPBIT_ACCESS_KEY as the primary environment variable in metadata.
v1.0.11
Version 1.0.11
- No code or documentation changes detected in this release.
- All features and usage remain unchanged.
v1.0.10
- Added resource files for events, heartbeat, nearCounter, positions, and topVolumeCache.
- Introduced a new budget policy supporting percent-based KRW allocation and per-order splitting when handling multiple simultaneous buys.
- Documented the cron-friendly run-once commands (`monitor_once`, `worker_once`, `smoke_test`) and clarified their behaviors.
- Updated metadata, improved documentation for setup and usage, and removed redundant files.
- Outlined expected resource files and new auto-generated outputs for improved monitoring and state tracking.
v1.0.9
- Added comprehensive test scripts under scripts/tests/: common.js, inject_buy_signal.js, inject_sell_signal.js, run_worker_once.js, and set_position.js.
- These scripts support easier testing and validation of buy/sell signals, worker behavior, and position handling.
v1.0.8
Version 1.0.8 of trading-upbit-skill
- Correct worker handling errors for buy orders
v1.0.7
- Removed the config.json file from version control to improve security and prevent accidental commits of sensitive configuration data.
- Users are now expected to create their own config.json based on the provided example file.
v1.0.6
trading-upbit-skill v1.0.6
-Improved aggressive buying strategy
v1.0.5
- Added a .gitignore file to the project.
- Updated documentation in SKILL.md for Cron-safe usage; improved instructions for OpenClaw integration and clarified tool requirements.
- No changes to trading logic or code; documentation and project setup only.
v1.0.4
**Major refactor and architectural update for modularity and extensibility.**
- Reorganized core logic into a scripts/ directory, adopting separation of concerns (config, data, execution, indicators, risk, state, strategy, workers).
- Added new modules for market data, API client, advanced risk management, multi-strategy, and event-driven worker execution.
- Improved monitoring by introducing Top Volume dynamic surveillance and near-breakout candidate detection.
- Removed legacy monolithic files and merged strategies, execution, and repo logic into newly structured services.
- Updated SKILL.md to reflect new structure, strategy features, and usage instructions.
v1.0.3
Major refactor: migrated to a single-run, cron-driven architecture ("A-Plan") with streamlined logic and KV-state per market.
- Replaced previous event/trigger handler system with a CLI-based entrypoint (`skill.js`) for execution and queries.
- All legacy scripts and deep folder structure removed; replaced with concise modules grouped by domain (adapters, handlers, domain, repo, services, utils).
- Bot can now be controlled by cron, running every 5 minutes and exiting after a full trade cycle.
- New strategy logic: Volatility Breakout with bullish filter, strict JSON output, and distributed locking to prevent overlapping runs.
- Storage schema updated: state, positions, and locks now use isolated KV keys.
- Added CLI subcommands to directly query price, holdings, and asset valuation.
v1.0.2
**Major update: Migrated to OpenClaw runtime with trigger-based execution and environment-provided tool integration.**
- Added OpenClaw adapter and modular handler files for market monitoring and event processing.
- Introduced trigger handlers: monitorHandler (interval-based) and eventHandler (storage event-driven).
- All state persistence and market/order interactions now use OpenClaw tools via the adapter.
- Reorganized directory and component structure for clarity and separation of concerns.
- Removed direct Upbit API/signing logic; all authentication is managed by the environment.
- Enhanced reliability and safety controls through state-aware storage operations and tool-validated order checks.
v1.0.0
- Initial release of Upbit Trading Engine (v1.0.0) with ClawHub compliance.
- Supports market data retrieval, technical indicators (RSI, MACD, ATR, Bollinger Bands), and volatility breakout strategy.
- Provides risk management (order size, balance, fee checks) and state machine-based position tracking.
- Implements robust error handling (429 retry, explicit retriable status).
- Includes test mode using simulated order endpoints for safe experimentation.
- Modular code structure for indicators, strategies, risk, execution, and state management.
Metadata
Frequently Asked Questions
What is Trading upbit skill?
Upbit automated trading (aggressive breakout) with cron-friendly run-once commands, TopVolume monitoring, and percent-based budget splitting. It is an AI Agent Skill for Claude Code / OpenClaw, with 1264 downloads so far.
How do I install Trading upbit skill?
Run "/install trading-upbit-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Trading upbit skill free?
Yes, Trading upbit skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Trading upbit skill support?
Trading upbit skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Trading upbit skill?
It is built and maintained by kuns9 (@kuns9); the current version is v1.0.14.
More Skills