← 返回 Skills 市场

Coinbase OpenAPI Skill

Name: Coinbase OpenAPI Skill
Author: jolestar

作者 jolestar · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

215

总下载

当前安装

版本数

在 OpenClaw 中安装

/install coinbase-openapi-skill

功能描述

Operate Coinbase Advanced Trade REST APIs through UXC with a curated OpenAPI schema, products-first discovery, and explicit JWT bearer auth guidance.

使用说明 (SKILL.md)

Coinbase Advanced Trade Skill

Use this skill to run Coinbase Advanced Trade REST operations through uxc + OpenAPI.

Reuse the uxc skill for shared execution, auth, and error-handling guidance.

Prerequisites

uxc is installed and available in PATH.
Network access to https://api.coinbase.com.
Access to the curated OpenAPI schema URL:
- https://raw.githubusercontent.com/holon-run/uxc/main/skills/coinbase-openapi-skill/references/coinbase-advanced-trade.openapi.json

Scope

This skill covers a curated Coinbase Advanced Trade surface for:

product and best-bid-ask market reads
account summary reads
order create, cancel, and lookup workflows

This skill does not cover:

Coinbase Exchange APIs
Coinbase Prime APIs
Coinbase Derivatives APIs
wallet or retail app product families outside Advanced Trade

Authentication

Public product endpoints can be read without credentials.

Private account and order endpoints require a Coinbase Advanced Trade bearer JWT. uxc now supports Coinbase's request-scoped JWT flow directly through jwt_bearer_v1, so you can store the API key id and private key in a credential and let uxc mint the short-lived bearer token per request.

Recommended v1 setup:

Download or copy the Coinbase API key material:
- key_id: organizations/{org_id}/apiKeys/{key_id}
- private_key: Coinbase exports either -----BEGIN EC PRIVATE KEY----- or -----BEGIN PRIVATE KEY-----; uxc accepts both PEM forms for ES256.
Store those values in a local credential.
Bind the credential to api.coinbase.com with a jwt_bearer_v1 signer.

uxc auth credential set coinbase-advanced-trade \
  --auth-type api_key \
  --field key_id=env:COINBASE_KEY_ID \
  --field private_key=env:COINBASE_PRIVATE_KEY

uxc auth binding add \
  --id coinbase-advanced-trade \
  --host api.coinbase.com \
  --path-prefix /api/v3/brokerage \
  --scheme https \
  --credential coinbase-advanced-trade \
  --signer-json '{"kind":"jwt_bearer_v1","algorithm":"es256","private_key_field":"private_key","header_typ":"JWT","header_kid_field":"key_id","expires_in_seconds":120,"claims":{"static":{"iss":"cdp"},"from_fields":{"sub":"key_id"},"time":{"nbf":"now","exp":"now_plus_ttl"}},"request_claim":{"name":"uri","format":"string","value_template":"{{request.method}} {{request.host}}{{request.path}}"}}' \
  --priority 100

Validate the active mapping when auth looks wrong:

uxc auth binding match https://api.coinbase.com/api/v3/brokerage/accounts

Core Workflow

Use the fixed link command by default:
- command -v coinbase-openapi-cli
- If missing, create it: uxc link coinbase-openapi-cli https://api.coinbase.com --schema-url https://raw.githubusercontent.com/holon-run/uxc/main/skills/coinbase-openapi-skill/references/coinbase-advanced-trade.openapi.json
- coinbase-openapi-cli -h
Inspect operation help before execution:
- coinbase-openapi-cli get:/api/v3/brokerage/products -h
- coinbase-openapi-cli get:/api/v3/brokerage/accounts -h
- coinbase-openapi-cli post:/api/v3/brokerage/orders -h
Prefer product reads before private account or order workflows:
- coinbase-openapi-cli get:/api/v3/brokerage/products product_type=SPOT limit=20
- coinbase-openapi-cli get:/api/v3/brokerage/best_bid_ask product_ids=BTC-USD,ETH-USD
Treat all order placement and cancellation as high-risk writes.

Operations

get:/api/v3/brokerage/products
get:/api/v3/brokerage/products/{product_id}
get:/api/v3/brokerage/best_bid_ask
get:/api/v3/brokerage/accounts
get:/api/v3/brokerage/accounts/{account_uuid}
post:/api/v3/brokerage/orders
post:/api/v3/brokerage/orders/batch_cancel
get:/api/v3/brokerage/orders/historical/{order_id}
get:/api/v3/brokerage/orders/historical/batch

Guardrails

Keep automation on the JSON output envelope; do not use --text.
Parse stable fields first: ok, kind, protocol, data, error.
uxc mints a fresh short-lived Coinbase JWT on each private request; do not try to bind a stale pre-generated bearer token when jwt_bearer_v1 is available.
Coinbase exports ES256 private keys in more than one PEM form; this skill expects the raw downloaded PEM and does not require a manual PKCS#8 conversion step.
Treat post:/api/v3/brokerage/orders and post:/api/v3/brokerage/orders/batch_cancel as high-risk writes.
Keep initial product/account pulls narrow with small limit values.
coinbase-openapi-cli \x3Coperation> ... is equivalent to uxc https://api.coinbase.com --schema-url \x3Ccoinbase_advanced_trade_openapi_schema> \x3Coperation> ....

References

Usage patterns: references/usage-patterns.md
Curated OpenAPI schema: references/coinbase-advanced-trade.openapi.json
Coinbase Advanced Trade overview: https://docs.cdp.coinbase.com/coinbase-app/advanced-trade-apis/overview

安全使用建议

This skill appears to do what it says: it uses a curated OpenAPI schema and the 'uxc' tool to talk to Coinbase Advanced Trade. Before installing, verify you trust the 'uxc' binary and its auth binding behaviour (it will be used to store/mint short-lived JWTs). Be aware the instructions expect you to provide a Coinbase key id and a private key (COINBASE_KEY_ID and COINBASE_PRIVATE_KEY); these are highly sensitive — store them in a secure credential store and avoid pasting private keys into logs or chat. Note the manifest doesn't declare required env vars even though the docs reference them; confirm you understand where credentials will be stored and who/what can access them. If you do not fully trust autonomous agent actions, consider disabling autonomous invocation or require explicit user confirmation before performing any write (order create/cancel) operations.

功能分析

Type: OpenClaw Skill Name: coinbase-openapi-skill Version: 1.0.0 The skill bundle provides a legitimate interface for interacting with the Coinbase Advanced Trade REST API using the 'uxc' CLI tool. It includes a curated OpenAPI schema (references/coinbase-advanced-trade.openapi.json), clear documentation for setting up JWT-based authentication using environment variables, and explicit warnings regarding high-risk write operations like order placement. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the logic is consistent with its stated purpose of financial API interaction.

能力评估

✓ Purpose & Capability

The name, description, OpenAPI schema, and SKILL.md all align: this is a Coinbase Advanced Trade OpenAPI wrapper that expects to be run via the 'uxc' tool. The included schema, operations, and usage examples match the stated capabilities.

✓ Instruction Scope

Runtime instructions only reference uxc, the Coinbase API host, and the curated OpenAPI schema; they instruct creating a local uxc credential, linking a CLI wrapper, and performing reads/writes with explicit guardrails. There are no instructions to read unrelated system files or transmit data to unknown endpoints.

✓ Install Mechanism

No install spec is present (instruction-only), so nothing arbitrary will be fetched or written during installation. The only external content referenced is a schema hosted on raw.githubusercontent.com and api.coinbase.com, both expected for this purpose. A local validation script requires jq and rg for dev-time checks only.

ℹ Credentials

The skill itself declares no required env vars, but the instructions and examples reference COINBASE_KEY_ID and COINBASE_PRIVATE_KEY to be placed in a credential and bound to uxc's jwt_bearer_v1 signer. Requesting the Coinbase key id and ES256 private key is proportionate for minting Coinbase request-scoped JWTs, but the metadata/manifest omission of these env vars is a minor inconsistency that users should be aware of.

✓ Persistence & Privilege

The skill does not request always:true or other elevated persistent privileges. It relies on uxc for auth and execution and does not modify other skills or system configurations beyond recommending local credential creation via uxc.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install coinbase-openapi-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /coinbase-openapi-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release with OpenAPI-based Coinbase Advanced Trade integration. - Run Coinbase Advanced Trade REST APIs via `uxc`, using a curated OpenAPI schema. - Supports key product, account, and order operations; excludes Exchange/Prime/Derivatives APIs. - Includes concise JWT bearer authentication setup using Coinbase API key material and `uxc`'s `jwt_bearer_v1` signer. - Provides guidance on safe high-risk operations and parsing stable JSON output. - Requires prior installation of `uxc` and network access to `api.coinbase.com`. - Detailed documentation for setup, core workflow, and best practices included in SKILL.md.

元数据

Slug coinbase-openapi-skill

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题