← 返回 Skills 市场
Kraken Exchange
作者
beknar.askarov
· GitHub ↗
· v0.3.2
567
总下载
0
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install tentactl
功能描述
Interact with the Kraken cryptocurrency exchange — spot + futures, REST + WebSocket. Use when: (1) checking crypto prices or market data, (2) viewing account...
安全使用建议
This skill is internally consistent and appears to do what it claims, but you should: (1) only install or run it if you trust the tentactl binary/repo (inspect source or use official GitHub Releases), since the wrapper delegates all action to that binary; (2) prefer creating least-privilege Kraken API keys (read-only for queries, narrow trading perms only when needed) and keep them in a secure vault; (3) be aware the setup script can read from your local 1Password CLI (it lists item titles and can reveal fields) — run it only on machines you control; (4) test trading actions with validate:true and explicit user confirmation (the SKILL.md recommends this); and (5) if you need higher assurance, review tentactl's source or build the binary locally rather than installing an unsigned release.
功能分析
Type: OpenClaw Skill
Name: tentactl
Version: 0.3.2
This skill is classified as suspicious due to its inherent high-risk capabilities, including real-money trading, fund transfers, and withdrawals on a cryptocurrency exchange, as well as its method of installing and handling API keys. While the `SKILL.md` includes explicit 'Safety Rules' to mitigate prompt injection and ensure user confirmation for sensitive actions, the `cargo install tentactl` command in `SKILL.md` and `scripts/kraken.sh` represents a supply chain risk, as it executes an external binary (`tentactl`) which, if compromised, could lead to arbitrary code execution. Additionally, `scripts/setup-keys.sh` handles sensitive API keys, storing them in `~/.tentactl.env` and interacting with the 1Password CLI, which are sensitive operations that, while seemingly legitimate for setup, contribute to the overall risk profile.
能力评估
Purpose & Capability
Name/description (Kraken spot + futures, REST + WS) match the requested binary (tentactl) and the KRAKEN_API_KEY/KRAKEN_API_SECRET environment variables. The included wrappers and docs all call tentactl and target Kraken endpoints — the requested pieces are proportionate to the stated purpose.
Instruction Scope
SKILL.md and scripts instruct the agent to run the tentactl MCP binary via scripts/kraken.sh and scripts/kraken.py, load ~/.tentactl.env for keys, and optionally use the provided setup-keys.sh to populate that file (including using the 1Password CLI). The instructions do not read unrelated system files or attempt to transmit secrets to unexpected endpoints; everything stays within Kraken/tentactl usage. Note: setup-keys.sh will enumerate and print 1Password item titles for user selection (local op CLI usage).
Install Mechanism
There is no platform-level install spec, but SKILL.md contains an 'install via cargo' recommendation (cargo install tentactl / GitHub Releases). Using cargo or GitHub releases is a reasonable install path. Because the skill delegates to an external binary, the security depends on the trustworthiness of the tentactl binary/repo; the skill itself does not fetch arbitrary archives or run downloads from untrusted URLs.
Credentials
Only KRAKEN_API_KEY and KRAKEN_API_SECRET are required for authenticated actions, which is appropriate. The scripts optionally respect KRAKEN_ENV_FILE and KRAKEN_MCP_BINARY but do not require unrelated credentials. Keys are written to ~/.tentactl.env (documented) with chmod 600 — reasonable but means the file contains long-lived credentials.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It writes and reads only its own env file (~/.tentactl.env) and does not modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with any unusual privileges here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tentactl - 安装完成后,直接呼叫该 Skill 的名称或使用
/tentactl触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.2
Release v0.3.2
v0.3.1
Release v0.3.1
v0.3.0
10 new tools (114 total), comprehensive error handling, cleanup
v0.2.1
Release v0.2.1
v0.2.0
Release v0.2.0
v0.1.2
Address security scan concerns: declare credentials, env vars, file writes, network access, and binary source in metadata
v0.1.1
Release v0.1.1
v0.1.0
Initial release
元数据
常见问题
Kraken Exchange 是什么?
Interact with the Kraken cryptocurrency exchange — spot + futures, REST + WebSocket. Use when: (1) checking crypto prices or market data, (2) viewing account... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 567 次。
如何安装 Kraken Exchange?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tentactl」即可一键安装,无需额外配置。
Kraken Exchange 是免费的吗?
是的,Kraken Exchange 完全免费(开源免费),可自由下载、安装和使用。
Kraken Exchange 支持哪些平台?
Kraken Exchange 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Kraken Exchange?
由 beknar.askarov(@askbeka)开发并维护,当前版本 v0.3.2。
推荐 Skills