← 返回 Skills 市场
432
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install etoro-trading-api
功能描述
eToro Public API — full trading, market data, social, and watchlist integration. Supports SSO, Bearer, and API key auth.
使用说明 (SKILL.md)
eToro Public API 📈
Full eToro Public API integration with trading execution, market data, social feed, and watchlists.
API Docs: https://etoro-6fc30280.mintlify.app/
Base URL: https://public-api.etoro.com/api/v1
Authentication
Three auth modes (priority order):
- SSO Access Token —
Authorization: Bearer \x3Caccess_token> - SSO Auth Token —
Authorization: \x3Cetoro_user_id> - API Keys —
x-api-key+x-user-key+x-request-id(UUID)
Endpoints
Portfolio & Account
| Tool | Method | Endpoint | Auth |
|---|---|---|---|
get_portfolio |
GET | /trading/info/portfolio (demo: /trading/info/demo/portfolio) |
Personal |
get_trading_history |
GET | /trading/info/real/history (demo: /trading/info/demo/history) |
Personal |
Trading Execution
All trading endpoints support real/demo mode. Demo adds /demo/ after /execution/.
| Tool | Method | Endpoint |
|---|---|---|
open_position_by_amount |
POST | /trading/execution/market-open-orders/by-amount |
open_position_by_units |
POST | /trading/execution/market-open-orders/by-units |
close_position |
POST | /trading/execution/market-close-orders/{positionId} |
place_limit_order |
POST | /trading/execution/limit-orders |
cancel_limit_order |
DELETE | /trading/execution/limit-orders/{orderId} |
cancel_open_order |
DELETE | /trading/execution/market-open-orders/{orderId} |
cancel_close_order |
DELETE | /trading/execution/market-close-orders/{orderId} |
Market Data (Public)
| Tool | Method | Endpoint |
|---|---|---|
get_market_data |
GET | /market-data/search?internalSymbolFull=AAPL |
get_market_rates |
GET | /market-data/rates?instrumentIds=1001,1002 |
get_price_history |
GET | /market-data/instruments/{id}/candles?period=OneMonth |
get_trading_info |
GET | /trading/info/instrument/{id} |
get_asset_classes |
GET | /market-data/instrument-types |
get_exchanges |
GET | /market-data/exchanges |
get_instrument_metadata |
GET | /market-data/instruments?instrumentIds=1001,1002 |
get_closing_prices |
GET | /market-data/closing-prices |
Social
| Tool | Method | Endpoint |
|---|---|---|
get_instrument_feed |
GET | /feeds/instruments/{id}?limit=5 |
get_popular_investors |
GET | /copy/popular-investors?limit=10 |
search_users |
GET | /users/search?query=... |
get_user_portfolio |
GET | /users/{username}/portfolio |
get_user_stats |
GET | /users/{username}/stats |
get_user_feed |
GET | /feeds/users/{username}?limit=5 |
create_post |
POST | /feeds/posts |
create_comment |
POST | /feeds/posts/{postId}/comments |
Watchlists
| Tool | Method | Endpoint |
|---|---|---|
get_watchlists |
GET | /watchlists |
get_curated_lists |
GET | /watchlists/curated |
create_watchlist |
POST | /watchlists |
add_to_watchlist |
POST | /watchlists/{watchlistId}/items |
remove_from_watchlist |
DELETE | /watchlists/{watchlistId}/items/{instrumentId} |
Key Notes
- Instrument IDs are numeric (not tickers). Resolve via
/market-data/search?internalSymbolFull=AAPL - Trading tools default to
mode=real. Only use demo if explicitly requested. - All trading execution is logged with full request details before sending.
- Rate limit: 100 req/min
安全使用建议
This skill exposes live trading endpoints and lists several authentication modes but does not declare how credentials are provided or protected. Before installing or invoking it: (1) verify the API base URL and official documentation—this package has no homepage/source link; (2) never run trading actions without explicitly switching to demo mode until you have validated requests; (3) avoid pasting secrets into free-text prompts—use a secure credential input mechanism and confirm where logs are written; (4) ask the publisher to declare required env vars (or a secure auth flow) and to remove or clarify 'log full request details' so sensitive headers are not stored or transmitted; (5) if you proceed, test only with demo accounts and carefully audit any logs to ensure API keys/tokens are not being captured or sent to external endpoints.
功能分析
Type: OpenClaw Skill
Name: etoro-trading-api
Version: 1.0.0
This skill is classified as suspicious due to its inherent high-risk capabilities. The `SKILL.md` explicitly defines tools for real financial trading execution (e.g., `open_position_by_amount`, `close_position`) and instructs the AI agent to default to 'real' trading mode. While there is no evidence of intentional malicious behavior from the skill developer (e.g., data exfiltration, backdoors), the direct access to financial transactions and the default to real mode present a critical vulnerability. A compromised or prompt-injected agent could be manipulated to perform unauthorized financial operations, leading to significant financial loss. The requirement for `curl` and `python3` also grants the agent access to powerful system tools.
能力评估
Purpose & Capability
Name/description, listed endpoints, and required binaries (curl, python3) are consistent with a simple instruction-only HTTP API integrator. However, the skill documents multiple auth modes (SSO/Bearer/API keys) but declares no required environment variables or 'primary credential', which is incomplete for a trading integration that must authenticate.
Instruction Scope
SKILL.md stays focused on API endpoints and authentication, but it contains two risky operational details: trading defaults to mode=real (so actions are live unless explicitly switched) and 'All trading execution is logged with full request details before sending' — that logging could capture and expose sensitive tokens/keys unless its destination and retention are controlled. The instructions do not indicate how credentials are supplied or protected.
Install Mechanism
Instruction-only skill with no install spec and only a dependency on common binaries (curl, python3). This is low-risk from an install/extraction perspective.
Credentials
The SKILL.md requires auth (Bearer, SSO, x-api-key/x-user-key) in practice, but requires.env is empty and no primary credential is declared. That mismatch is notable: the skill will need secrets at runtime but provides no guidance about secure provision, storage, or which vars the agent will read. Combined with the stated detailed logging, this increases risk of inadvertent credential exposure.
Persistence & Privilege
always:false and no required config paths or installation steps modifying agent/system configuration. The skill does not request persistent or global privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install etoro-trading-api - 安装完成后,直接呼叫该 Skill 的名称或使用
/etoro-trading-api触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Full eToro Public API — trading execution, market data, social feed, watchlists. SSO + Bearer + API key auth. 30+ endpoints.
元数据
常见问题
eToro Trading API 是什么?
eToro Public API — full trading, market data, social, and watchlist integration. Supports SSO, Bearer, and API key auth. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 432 次。
如何安装 eToro Trading API?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install etoro-trading-api」即可一键安装,无需额外配置。
eToro Trading API 是免费的吗?
是的,eToro Trading API 完全免费(开源免费),可自由下载、安装和使用。
eToro Trading API 支持哪些平台?
eToro Trading API 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 eToro Trading API?
由 Yoni(@yoniassia)开发并维护,当前版本 v1.0.0。
推荐 Skills