← 返回 Skills 市场
268
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install mexc-openapi-skill
功能描述
Operate MEXC Spot REST APIs through UXC with a curated OpenAPI schema, HMAC query signing, and separate public/signed workflow guardrails.
安全使用建议
This skill appears to do what it says (wrap MEXC Spot REST via a curated OpenAPI schema and HMAC signing) but there are important inconsistencies you should resolve before use: 1) Confirm the installer/registry metadata lists the required environment variables (MEXC_API_KEY and MEXC_SECRET_KEY) so you know the skill will access secrets. 2) Verify 'uxc' (the execution/auth utility) is trusted in your environment — the skill delegates auth and signing to uxc. 3) Be aware the validate script requires jq and ripgrep (rg); ensure those tools are available. 4) Because the skill can perform signed writes (create/cancel orders), require explicit confirmations and limit the API key’s permissions and funds on the exchange (use a restricted API key where possible). 5) Inspect or pin the OpenAPI schema source (raw.githubusercontent.com URL) and consider hosting your own trusted copy if you need higher assurance. If the registry metadata cannot be corrected or you do not trust uxc or the schema source, treat this skill as higher risk and avoid giving it live API keys.
功能分析
Type: OpenClaw Skill
Name: mexc-openapi-skill
Version: 1.0.0
The mexc-openapi-skill is a legitimate tool designed to interface with the MEXC Spot REST API using the uxc utility. It includes a standard OpenAPI schema (mexc-spot.openapi.json), clear authentication procedures using environment variables for HMAC signing, and explicit safety guardrails in SKILL.md that require confirmation for high-risk write operations. No indicators of data exfiltration, malicious execution, or prompt injection were found.
能力评估
Purpose & Capability
The SKILL.md and OpenAPI schema clearly describe MEXC Spot public and signed flows (consistent with the name). However the skill metadata declares no required environment variables or binaries while the instructions explicitly require MEXC_API_KEY and MEXC_SECRET_KEY (via uxc auth) and the validate script requires jq and rg — this mismatch is incoherent and should be corrected.
Instruction Scope
Instructions stay within the stated purpose (link to API, curate OpenAPI schema, set up HMAC signer, prefer reads before writes, require confirmation for writes). But they instruct creating credentials from env:MEXC_API_KEY and env:MEXC_SECRET_KEY and adding a signer binding — yet those env vars are not declared in metadata. The skill also relies on an external 'uxc' skill and on network access to api.mexc.com and a raw.githubusercontent.com schema URL (expected but worth verifying trust).
Install Mechanism
This is instruction-only (no install spec), which is lowest install risk. Referenced schema is hosted on raw.githubusercontent.com (a normal release host). The included validate.sh is benign but requires jq and rg on PATH.
Credentials
The behavior legitimately requires two sensitive fields (API key and secret) for signed Spot operations, which is proportionate to the purpose — but those credentials are not listed in requires.env/primaryEnv. Also the validate script requires jq and rg which are not declared. The missing declarations reduce transparency about what secrets/tools the skill will use.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill does not request forced permanent inclusion or to modify other skills. Autonomous invocation combined with signed-write capability raises operational risk (it can place/cancel orders) but that risk follows from the feature, not from extra privileges requested by the skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mexc-openapi-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/mexc-openapi-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of MEXC Spot API skill for UXC:
- Enables use of MEXC Spot REST APIs via UXC with curated OpenAPI schema.
- Supports public market reads, signed account reads, and signed order operations.
- Implements HMAC SHA256 signing and authentication guardrails for signed endpoints.
- Includes setup instructions for credential and signer binding.
- Provides groupings for public, signed read, and signed write operation types.
元数据
常见问题
MEXC OpenAPI Skill 是什么?
Operate MEXC Spot REST APIs through UXC with a curated OpenAPI schema, HMAC query signing, and separate public/signed workflow guardrails. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 268 次。
如何安装 MEXC OpenAPI Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mexc-openapi-skill」即可一键安装,无需额外配置。
MEXC OpenAPI Skill 是免费的吗?
是的,MEXC OpenAPI Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
MEXC OpenAPI Skill 支持哪些平台?
MEXC OpenAPI Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MEXC OpenAPI Skill?
由 jolestar(@jolestar)开发并维护,当前版本 v1.0.0。
推荐 Skills