← Back to Skills Marketplace
jolestar

Coinbase OpenAPI Skill

by jolestar · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
215
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install coinbase-openapi-skill
Description
Operate Coinbase Advanced Trade REST APIs through UXC with a curated OpenAPI schema, products-first discovery, and explicit JWT bearer auth guidance.
README (SKILL.md)

Coinbase Advanced Trade Skill

Use this skill to run Coinbase Advanced Trade REST operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

  • uxc is installed and available in PATH.
  • Network access to https://api.coinbase.com.
  • Access to the curated OpenAPI schema URL:
    • https://raw.githubusercontent.com/holon-run/uxc/main/skills/coinbase-openapi-skill/references/coinbase-advanced-trade.openapi.json

Scope

This skill covers a curated Coinbase Advanced Trade surface for:

  • product and best-bid-ask market reads
  • account summary reads
  • order create, cancel, and lookup workflows

This skill does not cover:

  • Coinbase Exchange APIs
  • Coinbase Prime APIs
  • Coinbase Derivatives APIs
  • wallet or retail app product families outside Advanced Trade

Authentication

Public product endpoints can be read without credentials.

Private account and order endpoints require a Coinbase Advanced Trade bearer JWT. uxc now supports Coinbase's request-scoped JWT flow directly through jwt_bearer_v1, so you can store the API key id and private key in a credential and let uxc mint the short-lived bearer token per request.

Recommended v1 setup:

  1. Download or copy the Coinbase API key material:
    • key_id: organizations/{org_id}/apiKeys/{key_id}
    • private_key: Coinbase exports either -----BEGIN EC PRIVATE KEY----- or -----BEGIN PRIVATE KEY-----; uxc accepts both PEM forms for ES256.
  2. Store those values in a local credential.
  3. Bind the credential to api.coinbase.com with a jwt_bearer_v1 signer.
uxc auth credential set coinbase-advanced-trade \
  --auth-type api_key \
  --field key_id=env:COINBASE_KEY_ID \
  --field private_key=env:COINBASE_PRIVATE_KEY

uxc auth binding add \
  --id coinbase-advanced-trade \
  --host api.coinbase.com \
  --path-prefix /api/v3/brokerage \
  --scheme https \
  --credential coinbase-advanced-trade \
  --signer-json '{"kind":"jwt_bearer_v1","algorithm":"es256","private_key_field":"private_key","header_typ":"JWT","header_kid_field":"key_id","expires_in_seconds":120,"claims":{"static":{"iss":"cdp"},"from_fields":{"sub":"key_id"},"time":{"nbf":"now","exp":"now_plus_ttl"}},"request_claim":{"name":"uri","format":"string","value_template":"{{request.method}} {{request.host}}{{request.path}}"}}' \
  --priority 100

Validate the active mapping when auth looks wrong:

uxc auth binding match https://api.coinbase.com/api/v3/brokerage/accounts

Core Workflow

  1. Use the fixed link command by default:

    • command -v coinbase-openapi-cli
    • If missing, create it: uxc link coinbase-openapi-cli https://api.coinbase.com --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/coinbase-openapi-skill/references/coinbase-advanced-trade.openapi.json
    • coinbase-openapi-cli -h

  2. Inspect operation help before execution:

    • coinbase-openapi-cli get:/api/v3/brokerage/products -h
    • coinbase-openapi-cli get:/api/v3/brokerage/accounts -h
    • coinbase-openapi-cli post:/api/v3/brokerage/orders -h

  3. Prefer product reads before private account or order workflows:

    • coinbase-openapi-cli get:/api/v3/brokerage/products product_type=SPOT limit=20
    • coinbase-openapi-cli get:/api/v3/brokerage/best_bid_ask product_ids=BTC-USD,ETH-USD

  4. Treat all order placement and cancellation as high-risk writes.

Operations

  • get:/api/v3/brokerage/products
  • get:/api/v3/brokerage/products/{product_id}
  • get:/api/v3/brokerage/best_bid_ask
  • get:/api/v3/brokerage/accounts
  • get:/api/v3/brokerage/accounts/{account_uuid}
  • post:/api/v3/brokerage/orders
  • post:/api/v3/brokerage/orders/batch_cancel
  • get:/api/v3/brokerage/orders/historical/{order_id}
  • get:/api/v3/brokerage/orders/historical/batch

Guardrails

  • Keep automation on the JSON output envelope; do not use --text.
  • Parse stable fields first: ok, kind, protocol, data, error.
  • uxc mints a fresh short-lived Coinbase JWT on each private request; do not try to bind a stale pre-generated bearer token when jwt_bearer_v1 is available.
  • Coinbase exports ES256 private keys in more than one PEM form; this skill expects the raw downloaded PEM and does not require a manual PKCS#8 conversion step.
  • Treat post:/api/v3/brokerage/orders and post:/api/v3/brokerage/orders/batch_cancel as high-risk writes.
  • Keep initial product/account pulls narrow with small limit values.
  • coinbase-openapi-cli \x3Coperation> ... is equivalent to uxc https://api.coinbase.com --schema-url \x3Ccoinbase_advanced_trade_openapi_schema> \x3Coperation> ....

References

Usage Guidance
This skill appears to do what it says: it uses a curated OpenAPI schema and the 'uxc' tool to talk to Coinbase Advanced Trade. Before installing, verify you trust the 'uxc' binary and its auth binding behaviour (it will be used to store/mint short-lived JWTs). Be aware the instructions expect you to provide a Coinbase key id and a private key (COINBASE_KEY_ID and COINBASE_PRIVATE_KEY); these are highly sensitive — store them in a secure credential store and avoid pasting private keys into logs or chat. Note the manifest doesn't declare required env vars even though the docs reference them; confirm you understand where credentials will be stored and who/what can access them. If you do not fully trust autonomous agent actions, consider disabling autonomous invocation or require explicit user confirmation before performing any write (order create/cancel) operations.
Capability Analysis
Type: OpenClaw Skill Name: coinbase-openapi-skill Version: 1.0.0 The skill bundle provides a legitimate interface for interacting with the Coinbase Advanced Trade REST API using the 'uxc' CLI tool. It includes a curated OpenAPI schema (references/coinbase-advanced-trade.openapi.json), clear documentation for setting up JWT-based authentication using environment variables, and explicit warnings regarding high-risk write operations like order placement. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the logic is consistent with its stated purpose of financial API interaction.
Capability Assessment
Purpose & Capability
The name, description, OpenAPI schema, and SKILL.md all align: this is a Coinbase Advanced Trade OpenAPI wrapper that expects to be run via the 'uxc' tool. The included schema, operations, and usage examples match the stated capabilities.
Instruction Scope
Runtime instructions only reference uxc, the Coinbase API host, and the curated OpenAPI schema; they instruct creating a local uxc credential, linking a CLI wrapper, and performing reads/writes with explicit guardrails. There are no instructions to read unrelated system files or transmit data to unknown endpoints.
Install Mechanism
No install spec is present (instruction-only), so nothing arbitrary will be fetched or written during installation. The only external content referenced is a schema hosted on raw.githubusercontent.com and api.coinbase.com, both expected for this purpose. A local validation script requires jq and rg for dev-time checks only.
Credentials
The skill itself declares no required env vars, but the instructions and examples reference COINBASE_KEY_ID and COINBASE_PRIVATE_KEY to be placed in a credential and bound to uxc's jwt_bearer_v1 signer. Requesting the Coinbase key id and ES256 private key is proportionate for minting Coinbase request-scoped JWTs, but the metadata/manifest omission of these env vars is a minor inconsistency that users should be aware of.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It relies on uxc for auth and execution and does not modify other skills or system configurations beyond recommending local credential creation via uxc.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install coinbase-openapi-skill
  3. After installation, invoke the skill by name or use /coinbase-openapi-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release with OpenAPI-based Coinbase Advanced Trade integration. - Run Coinbase Advanced Trade REST APIs via `uxc`, using a curated OpenAPI schema. - Supports key product, account, and order operations; excludes Exchange/Prime/Derivatives APIs. - Includes concise JWT bearer authentication setup using Coinbase API key material and `uxc`'s `jwt_bearer_v1` signer. - Provides guidance on safe high-risk operations and parsing stable JSON output. - Requires prior installation of `uxc` and network access to `api.coinbase.com`. - Detailed documentation for setup, core workflow, and best practices included in SKILL.md.
Metadata
Slug coinbase-openapi-skill
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Coinbase OpenAPI Skill?

Operate Coinbase Advanced Trade REST APIs through UXC with a curated OpenAPI schema, products-first discovery, and explicit JWT bearer auth guidance. It is an AI Agent Skill for Claude Code / OpenClaw, with 215 downloads so far.

How do I install Coinbase OpenAPI Skill?

Run "/install coinbase-openapi-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Coinbase OpenAPI Skill free?

Yes, Coinbase OpenAPI Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Coinbase OpenAPI Skill support?

Coinbase OpenAPI Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Coinbase OpenAPI Skill?

It is built and maintained by jolestar (@jolestar); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments