← 返回 Skills 市场
jolestar

Binance Spot OpenAPI Skill

作者 jolestar · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ✓ 安全检测通过
342
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install binance-spot-openapi-skill
功能描述
Operate Binance Spot market, account, and order APIs through UXC with a curated OpenAPI schema, Binance query signing, and separate mainnet/testnet link flows.
使用说明 (SKILL.md)

Binance Spot API Skill

Use this skill to run Binance Spot REST operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

  • uxc is installed and available in PATH.
  • Network access to:
    • https://api.binance.com
    • https://testnet.binance.vision
  • Access to the curated OpenAPI schema URL:
    • https://raw.githubusercontent.com/holon-run/uxc/main/skills/binance-spot-openapi-skill/references/binance-spot.openapi.json

Scope

This skill covers curated Binance Spot REST endpoints for:

  • public market reads
  • signed account reads
  • signed order queries
  • test orders
  • order placement and cancellation

This skill does not cover:

  • OCO, OTO, OTOCO, OPO, OPOCO, or other orderList/* endpoints
  • order/cancelReplace
  • order/amend/*
  • historicalTrades
  • uiKlines
  • ticker/tradingDay
  • SOR endpoints
  • Wallet, Margin, Earn, or /sapi/* endpoints
  • RSA request signing
  • https://demo-api.binance.com

Authentication

Public market endpoints do not require credentials.

Signed Spot endpoints require:

  • api_key field for X-MBX-APIKEY
  • private_key field for Ed25519 PKCS#8 PEM signing, or secret_key for deprecated HMAC SHA256 signing

Testnet API Key Setup

Binance Spot testnet uses a separate host and separate API key records from mainnet:

  • base URL: https://testnet.binance.vision
  • testnet API keys do not work on mainnet
  • mainnet API keys do not work on testnet

There are two practical testnet flows:

  1. Ed25519 (recommended by Binance)

    • Generate an Ed25519 keypair locally.
    • Register the public key in the Spot testnet API management UI.
    • After registration, Binance shows a distinct API key for that Ed25519 key record.
    • Use that displayed API key in X-MBX-APIKEY, and use the matching private key PEM for signing.

  2. HMAC (legacy compatibility)

    • Create an HMAC key in the Spot testnet API management UI.
    • Binance shows both API key and Secret key.
    • Use API key in X-MBX-APIKEY, and use Secret key for HMAC SHA256 signing.

Important:

  • The Ed25519 public key you upload is not the API key.
  • Each Binance key record has its own API key.
  • Do not mix an HMAC API key with an Ed25519 private key, or an Ed25519 API key with an HMAC secret.
  • If you do, Binance returns -1022 Signature for this request is not valid.

Recommended Credential Setup

Binance recommends Ed25519. Store the private key PEM text in an environment variable, or source it from 1Password.

export BINANCE_TESTNET_ED25519_PRIVATE_KEY="$(cat /absolute/path/to/binance_testnet_ed25519_private.pem)"
export BINANCE_MAINNET_ED25519_PRIVATE_KEY="$(cat /absolute/path/to/binance_mainnet_ed25519_private.pem)"

Create one credential per environment so mainnet and testnet keys are never mixed:

uxc auth credential set binance-spot-mainnet \
  --auth-type api_key \
  --field api_key=env:BINANCE_MAINNET_API_KEY \
  --field private_key=env:BINANCE_MAINNET_ED25519_PRIVATE_KEY

uxc auth credential set binance-spot-testnet \
  --auth-type api_key \
  --field api_key=env:BINANCE_TESTNET_API_KEY \
  --field private_key=env:BINANCE_TESTNET_ED25519_PRIVATE_KEY

Add one signer binding per environment:

uxc auth binding add \
  --id binance-spot-mainnet \
  --host api.binance.com \
  --path-prefix /api/v3 \
  --scheme https \
  --credential binance-spot-mainnet \
  --signer-json '{"kind":"ed25519_query_v1","algorithm":"ed25519","signing_field":"private_key","key_field":"api_key","key_placement":"header","key_name":"X-MBX-APIKEY","signature_param":"signature","signature_encoding":"base64","timestamp_param":"timestamp","timestamp_unit":"milliseconds","canonicalization":{"mode":"preserve_order"}}' \
  --priority 100

uxc auth binding add \
  --id binance-spot-testnet \
  --host testnet.binance.vision \
  --path-prefix /api/v3 \
  --scheme https \
  --credential binance-spot-testnet \
  --signer-json '{"kind":"ed25519_query_v1","algorithm":"ed25519","signing_field":"private_key","key_field":"api_key","key_placement":"header","key_name":"X-MBX-APIKEY","signature_param":"signature","signature_encoding":"base64","timestamp_param":"timestamp","timestamp_unit":"milliseconds","canonicalization":{"mode":"preserve_order"}}' \
  --priority 100

HMAC Fallback

If you already have legacy HMAC keys, uxc still supports them:

uxc auth credential set binance-spot-mainnet-hmac \
  --auth-type api_key \
  --field api_key=env:BINANCE_MAINNET_API_KEY \
  --field secret_key=env:BINANCE_MAINNET_SECRET_KEY

uxc auth credential set binance-spot-testnet-hmac \
  --auth-type api_key \
  --field api_key=env:BINANCE_TESTNET_API_KEY \
  --field secret_key=env:BINANCE_TESTNET_SECRET_KEY

uxc auth binding add \
  --id binance-spot-mainnet-hmac \
  --host api.binance.com \
  --path-prefix /api/v3 \
  --scheme https \
  --credential binance-spot-mainnet-hmac \
  --signer-json '{"kind":"hmac_query_v1","algorithm":"hmac_sha256","signing_field":"secret_key","key_field":"api_key","key_placement":"header","key_name":"X-MBX-APIKEY","signature_param":"signature","signature_encoding":"hex","timestamp_param":"timestamp","timestamp_unit":"milliseconds","canonicalization":{"mode":"preserve_order"}}' \
  --priority 100

uxc auth binding add \
  --id binance-spot-testnet-hmac \
  --host testnet.binance.vision \
  --path-prefix /api/v3 \
  --scheme https \
  --credential binance-spot-testnet-hmac \
  --signer-json '{"kind":"hmac_query_v1","algorithm":"hmac_sha256","signing_field":"secret_key","key_field":"api_key","key_placement":"header","key_name":"X-MBX-APIKEY","signature_param":"signature","signature_encoding":"hex","timestamp_param":"timestamp","timestamp_unit":"milliseconds","canonicalization":{"mode":"preserve_order"}}' \
  --priority 100

Core Workflow

  1. Use fixed link commands by default:

    • command -v binance-spot-mainnet-openapi-cli
    • If missing, create it: uxc link binance-spot-mainnet-openapi-cli https://api.binance.com --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/binance-spot-openapi-skill/references/binance-spot.openapi.json
    • command -v binance-spot-testnet-openapi-cli
    • If missing, create it: uxc link binance-spot-testnet-openapi-cli https://testnet.binance.vision --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/binance-spot-openapi-skill/references/binance-spot.openapi.json

  2. Discover operations with help-first flow:

    • binance-spot-mainnet-openapi-cli -h
    • binance-spot-testnet-openapi-cli -h
    • binance-spot-testnet-openapi-cli post:/api/v3/order/test -h
    • binance-spot-testnet-openapi-cli get:/api/v3/account -h

  3. Execute reads first:

    • public read: binance-spot-mainnet-openapi-cli get:/api/v3/ticker/price symbol=BTCUSDT
    • signed read: binance-spot-testnet-openapi-cli get:/api/v3/account omitZeroBalances=true recvWindow=5000

  4. Use order/test before real writes:

    • binance-spot-testnet-openapi-cli post:/api/v3/order/test symbol=BTCUSDT side=BUY type=MARKET quoteOrderQty=100 recvWindow=5000

Operation Groups

Public Market

  • get:/api/v3/ping
  • get:/api/v3/time
  • get:/api/v3/exchangeInfo
  • get:/api/v3/avgPrice
  • get:/api/v3/depth
  • get:/api/v3/klines
  • get:/api/v3/ticker/24hr
  • get:/api/v3/ticker/price
  • get:/api/v3/trades

Signed Reads

  • get:/api/v3/account
  • get:/api/v3/openOrders
  • get:/api/v3/order
  • get:/api/v3/allOrders
  • get:/api/v3/myTrades
  • get:/api/v3/rateLimit/order

Signed Writes

  • post:/api/v3/order/test
  • post:/api/v3/order
  • delete:/api/v3/order
  • delete:/api/v3/openOrders

Guardrails

  • Keep automation on the JSON output envelope; do not use --text.
  • Parse stable fields first: ok, kind, protocol, data, error.
  • Treat order/test as the default validation path before any real order placement.
  • Treat all mainnet write operations as high-risk and require explicit user confirmation before execution.
  • Prefer testnet for all signed examples unless the user explicitly asks for mainnet.
  • Before placing orders, query exchangeInfo for symbol filters and ticker/price or depth for current market context.
  • If Binance returns -1021, call get:/api/v3/time, then retry with a fresh timestamp and, if needed, a larger recvWindow.
  • If Binance returns -1022, first verify you are using the API key from the same Binance key record as the signing material:
    • Ed25519: displayed API key + matching private key PEM
    • HMAC: displayed API key + matching Secret key
  • Use --path-prefix /api/v3 on auth bindings. uxc now resolves OpenAPI auth against the final operation URL, so this narrower binding works for signed Spot requests and avoids over-broad host-level matching.
  • timestamp and signature are injected by the signer binding; users normally provide business parameters plus optional recvWindow.
  • binance-spot-*-openapi-cli \x3Coperation> ... is equivalent to uxc \x3Chost> --schema-url \x3Cbinance_spot_openapi_schema> \x3Coperation> ....

References

安全使用建议
This skill appears to do what it says: help you call Binance Spot endpoints via your local uxc CLI with a curated OpenAPI schema and query signing. Before installing: ensure you trust the schema URL (raw.githubusercontent.com) and optionally fetch/verify it yourself; prefer storing private keys in a secure vault (1Password, OS keyring, or a secret manager) rather than long-lived plaintext environment variables; keep mainnet keys separate from testnet keys and use the documented testnet-first flow to validate requests before placing mainnet orders; confirm that any agent you give autonomous invocation to should be allowed to run uxc with access to your Binance credentials (if you enable autonomous runs, the agent could trigger API calls using whatever credentials uxc can access). The validate.sh script is a local maintainer helper requiring rg and jq — it is not an installer and does not run automatically.
功能分析
Type: OpenClaw Skill Name: binance-spot-openapi-skill Version: 1.0.1 The skill bundle provides a legitimate interface for interacting with the Binance Spot API using the uxc CLI tool. It includes a detailed OpenAPI schema (binance-spot.openapi.json), clear instructions for secure authentication using Ed25519 or HMAC, and explicit safety guardrails in SKILL.md that require user confirmation for mainnet writes and encourage testnet-first validation. No evidence of malicious behavior, data exfiltration, or harmful prompt injection was found.
能力评估
Purpose & Capability
Name, description, and files (OpenAPI schema, usage patterns, and uxc link examples) all align with the stated purpose of operating Binance Spot endpoints. The only external dependency referenced at runtime is uxc and network access to Binance + the GitHub raw schema URL, which is expected for this skill.
Instruction Scope
SKILL.md instructions stay within scope: they describe public reads, signed account/order queries, testnet-first write flows, and mainnet guardrails. The docs instruct storing signing material (private key PEM or HMAC secret) in environment variables or a secret manager; they do not instruct the agent to read unrelated files or exfiltrate data to third-party endpoints outside of Binance or the GitHub raw schema URL.
Install Mechanism
No install spec is provided (instruction-only), which is low risk. The OpenAPI schema is referenced from a raw.githubusercontent.com URL — common practice for schemas but worth verifying integrity if you rely on it. The included validate.sh is a local validation script (requires rg and jq) and not run automatically by the platform.
Credentials
The skill does not declare required env vars in registry metadata, but SKILL.md recommends several BINANCE_* environment variables for Ed25519 or HMAC keys. Those credentials are directly relevant to signing Binance requests and are proportionate; however, the skill asks you to store private key PEM content in environment variables (a convenience that has security trade-offs).
Persistence & Privilege
Skill does not request persistent always:true privilege, does not modify other skills, and is user-invocable. It relies on uxc to perform signed requests; by default the platform allows autonomous invocation, which is normal — there are no other elevated privileges requested by this skill.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install binance-spot-openapi-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /binance-spot-openapi-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Update signing guidance and validated subscribe-related docs.
v1.0.0
Initial release of binance-spot-openapi-skill. - Enables Binance Spot REST API access through UXC using a curated OpenAPI schema. - Supports both mainnet and testnet with separated API key flows. - Implements Binance query signing: Ed25519 (recommended) and HMAC (legacy). - Covers public market, signed account, and order endpoints; excludes more complex or non-Spot API features. - Includes setup and authentication instructions for secure, environment-specific usage.
元数据
Slug binance-spot-openapi-skill
版本 1.0.1
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 2
常见问题

Binance Spot OpenAPI Skill 是什么?

Operate Binance Spot market, account, and order APIs through UXC with a curated OpenAPI schema, Binance query signing, and separate mainnet/testnet link flows. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 342 次。

如何安装 Binance Spot OpenAPI Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install binance-spot-openapi-skill」即可一键安装,无需额外配置。

Binance Spot OpenAPI Skill 是免费的吗?

是的,Binance Spot OpenAPI Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Binance Spot OpenAPI Skill 支持哪些平台?

Binance Spot OpenAPI Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Binance Spot OpenAPI Skill?

由 jolestar(@jolestar)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论