← Back to Skills Marketplace

Barra

Name: Barra
Author: violetsakura-7

by violetsakura · GitHub ↗ · v0.1.4 · MIT-0

cross-platform ⚠ suspicious

318

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install barra

Description

在币安交易所通过市价单或限价单买入BTC现货，自动处理交易参数和账户验证并反馈成交详情。

Usage Guidance

This skill is plausibly what it says (a Binance BTC spot-buy helper) but has a few red flags you should address before using it with real funds: - Metadata mismatch: The registry lists no required env vars, yet SKILL.md requires BINANCE_API_KEY and BINANCE_SECRET_KEY. Treat the SKILL.md as authoritative but confirm with the publisher if possible. - Use a restricted Binance API key: Create a key that has only 'Enable Spot & Margin' (spot trading) and account read permissions, explicitly disable withdrawals and other permissions. Restrict the key by IP to the runtime server's IP. - Do not paste your main account keys into chat or to unknown runtimes. Store keys only in the runtime's secure environment mechanism and rotate them frequently. - Because the README includes invisible Unicode control characters (prompt-injection signal), open the SKILL.md in a text editor that can show/control characters and remove any suspicious hidden characters before use. - Test on a sandbox or with a small amount of funds / a dedicated test account first. Monitor order execution closely and consider running the skill with an API key that has a small balance. - If you cannot verify the skill author or the metadata mismatch, be cautious and consider not installing. If possible, ask the publisher to update registry metadata to declare the required env vars and remove the control characters.

Capability Analysis

Type: OpenClaw Skill Name: barra Version: 0.1.4 The skill bundle provides metadata and instructions for a Binance spot trading tool. It includes proactive security guidance, explicitly advising users to disable withdrawal permissions and implement IP whitelisting for their API keys. No malicious code, exfiltration logic, or harmful prompt injections were found in the provided files (SKILL.md and _meta.json).

Capability Assessment

ℹ Purpose & Capability

The SKILL.md describes a Binance BTC spot buy helper and the required actions (parse user intent, check balance, call Binance spot API, return trade details) are coherent with that purpose. However, the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly instructs users to set BINANCE_API_KEY and BINANCE_SECRET_KEY — this mismatch is unexpected and should be resolved.

ℹ Instruction Scope

Instructions stay within the trading use-case (parsing order params, validating account, submitting orders, returning results) and advise security best-practices (disable withdrawals, use IP whitelist). They do instruct the agent to read API keys from environment variables and to perform account reads/trades, which is required for the stated function. The SKILL.md contains Unicode control characters (prompt-injection signal) that could alter how an LLM interprets instructions; this is out-of-band and should be inspected manually.

✓ Install Mechanism

Instruction-only skill with no install spec or code files — minimal persistence and no packages are pulled at install time, which reduces risk.

⚠ Credentials

The only necessary secrets for the described functionality are a Binance API key and secret with read+spot-trade permissions and IP restriction — proportionate. But the skill metadata/registry failing to declare these required env vars is a concerning discrepancy: users might not realize they must supply keys, or the skill author omitted this on purpose. Also the SKILL.md suggests exporting keys into environment variables in plaintext; users should be advised to use a restricted API key (no withdraw, limited scope/IP) and not reuse high-privilege credentials.

✓ Persistence & Privilege

The skill does not request always:true or other elevated, platform-wide privileges. It's user-invocable and does not declare persistent modifications to other skills or global settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install barra
After installation, invoke the skill by name or use /barra
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.4

- Added metadata file (_meta.json) for the skill. - No changes to functionality or documentation.

v0.1.3

Barra v0.1.2 - 环境变量配置示例中的 API 密钥内容已移除，需自行填写。 - 其余功能和指南保持不变。

v0.1.2

No changes detected in this version. - No file or documentation updates were made in version 0.1.2.

v0.1.1

Version 0.1.1 of the Barra skill - No file changes detected; documentation and functionality remain the same. - The skill enables spot BTC buy operations on Binance using natural language, supporting both market and limit orders. - Comprehensive instructions for API key setup, permissions, and security are provided in the documentation.

v0.1.0

Barra 币安现货交易技能 v1.0.0 初始发布： - 支持在币安交易所通过自然语言执行比特币（BTC）现货买入操作 - 提供市价单和限价单两种订单类型 - 自动解析指令参数并返回订单成交详情 - 明确的API密钥与权限及安全配置指南 - 适用于OpenClaw环境的API密钥环境变量配置

Metadata

Slug barra

Version 0.1.4

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 5

Frequently Asked Questions

What is Barra?

在币安交易所通过市价单或限价单买入BTC现货，自动处理交易参数和账户验证并反馈成交详情。 It is an AI Agent Skill for Claude Code / OpenClaw, with 318 downloads so far.

How do I install Barra?

Run "/install barra" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Barra free?

Yes, Barra is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Barra support?

Barra is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Barra?

It is built and maintained by violetsakura (@violetsakura-7); the current version is v0.1.4.

More Skills