← 返回 Skills 市场

Trading upbit skill

Name: Trading upbit skill
Author: kuns9

作者 kuns9 · GitHub ↗ · v1.0.14

cross-platform ✓ 安全检测通过

1264

总下载

当前安装

版本数

在 OpenClaw 中安装

/install trading-upbit-skill

功能描述

Upbit automated trading (aggressive breakout) with cron-friendly run-once commands, TopVolume monitoring, and percent-based budget splitting.

安全使用建议

This skill appears to implement what it claims (an Upbit trading bot). Before installing: (1) run it in dry-run mode and use a test account or minimal funds; (2) inspect scripts/execution/upbitClient.js and scripts/config/index.js to confirm API host usage and how environment variables map to cfg.upbit (there are inconsistent env variable names in docs vs comments); (3) run node skill.js security_check to ensure only api.upbit.com URLs exist; (4) store keys in the platform secret store (not config.json), limit key permissions while testing, and rotate keys after use. If you don't want live trading, ensure execution.dryRun=true and verify the Upbit client will not send requests that aren't allowlisted. Finally, be aware that npm install will pull third-party dependencies (axios, jsonwebtoken, uuid) — audit them if you require stricter supply-chain controls.

功能分析

Type: OpenClaw Skill Name: trading-upbit-skill Version: 1.0.14 The OpenClaw skill bundle is classified as benign. The code and documentation consistently demonstrate a strong focus on security, explicitly stating that it does not include telemetry or upload data, a claim verified by the `UpbitClient.js` which strictly allowlists `api.upbit.com` as the only external host and disables redirects. API keys are prioritized from environment variables, preventing hardcoding. A `securityCheck.js` script is provided for users to self-audit for unexpected external URLs. All file system operations are confined to the skill's local `resources/` directory for state management, and there is no evidence of malicious execution, persistence mechanisms, or prompt injection attempts against the AI agent.

能力评估

✓ Purpose & Capability

Name/description (Upbit automated trading) match the code and runtime instructions: the code implements monitoring, event enqueueing, position state, risk checks, and order execution via an Upbit client. Declared required binary (node) and credentials (Upbit API keys) are appropriate.

ℹ Instruction Scope

SKILL.md and skill.js instruct the agent to run monitor/worker/smoke_test and to store keys in env or config.json. Runtime behavior is limited to local files under resources/ and Upbit API calls. No instructions appear to read unrelated system files or transmit data to external hosts other than Upbit. Note: the docs recommend running a built-in security_check and dry-run first (good).

✓ Install Mechanism

This is instruction-heavy with a package.json listing common dependencies (axios, jsonwebtoken, uuid). No install script or remote download URLs are present; user runs npm install locally which is expected for a Node skill.

ℹ Credentials

The skill only requires Upbit API keys (primary: UPBIT_ACCESS_KEY, UPBIT_SECRET_KEY) which is proportional. Minor inconsistency: SKILL.md/README/security text also mentions alternative names (UPBIT_OPEN_API_ACCESS_KEY / UPBIT_OPEN_API_SECRET_KEY) and skill.js comments reference these names too. The actual code uses loadConfig() to obtain cfg.upbit.accessKey/secretKey; verify scripts/config/index.js to confirm how environment variables are mapped to cfg.upbit to avoid misconfiguration.

✓ Persistence & Privilege

always is false; the skill is user-invocable and does not request permanent platform-wide privileges or modify other skills. It creates and manages local resource files (events/positions/heartbeat) inside its own project root, which is expected for a cron-run bot.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install trading-upbit-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /trading-upbit-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.14

- Added SECURITY.md with clear installation and API key security guidance. - Introduced scripts/security/securityCheck.js for easy repository URL self-checking. - Security section now included at the top of documentation with best practices and a quick check command. - No user-facing changes to trading logic or configuration.

v1.0.13

- Removed five resource files: events.json, heartbeat.json, nearCounter.json, positions.json, and topVolumeCache.json. - No changes to public documentation or functionality indicated. - Skill behavior and usage remain unchanged.

v1.0.12

- Added a .gitignore file for improved repository hygiene. - Updated metadata to specify required environment variables: UPBIT_ACCESS_KEY and UPBIT_SECRET_KEY. - Declared UPBIT_ACCESS_KEY as the primary environment variable in metadata.

v1.0.11

Version 1.0.11 - No code or documentation changes detected in this release. - All features and usage remain unchanged.

v1.0.10

- Added resource files for events, heartbeat, nearCounter, positions, and topVolumeCache. - Introduced a new budget policy supporting percent-based KRW allocation and per-order splitting when handling multiple simultaneous buys. - Documented the cron-friendly run-once commands (`monitor_once`, `worker_once`, `smoke_test`) and clarified their behaviors. - Updated metadata, improved documentation for setup and usage, and removed redundant files. - Outlined expected resource files and new auto-generated outputs for improved monitoring and state tracking.

v1.0.9

- Added comprehensive test scripts under scripts/tests/: common.js, inject_buy_signal.js, inject_sell_signal.js, run_worker_once.js, and set_position.js. - These scripts support easier testing and validation of buy/sell signals, worker behavior, and position handling.

v1.0.8

Version 1.0.8 of trading-upbit-skill - Correct worker handling errors for buy orders

v1.0.7

- Removed the config.json file from version control to improve security and prevent accidental commits of sensitive configuration data. - Users are now expected to create their own config.json based on the provided example file.

v1.0.6

trading-upbit-skill v1.0.6 -Improved aggressive buying strategy

v1.0.5

- Added a .gitignore file to the project. - Updated documentation in SKILL.md for Cron-safe usage; improved instructions for OpenClaw integration and clarified tool requirements. - No changes to trading logic or code; documentation and project setup only.

v1.0.4

**Major refactor and architectural update for modularity and extensibility.** - Reorganized core logic into a scripts/ directory, adopting separation of concerns (config, data, execution, indicators, risk, state, strategy, workers). - Added new modules for market data, API client, advanced risk management, multi-strategy, and event-driven worker execution. - Improved monitoring by introducing Top Volume dynamic surveillance and near-breakout candidate detection. - Removed legacy monolithic files and merged strategies, execution, and repo logic into newly structured services. - Updated SKILL.md to reflect new structure, strategy features, and usage instructions.

v1.0.3

Major refactor: migrated to a single-run, cron-driven architecture ("A-Plan") with streamlined logic and KV-state per market. - Replaced previous event/trigger handler system with a CLI-based entrypoint (`skill.js`) for execution and queries. - All legacy scripts and deep folder structure removed; replaced with concise modules grouped by domain (adapters, handlers, domain, repo, services, utils). - Bot can now be controlled by cron, running every 5 minutes and exiting after a full trade cycle. - New strategy logic: Volatility Breakout with bullish filter, strict JSON output, and distributed locking to prevent overlapping runs. - Storage schema updated: state, positions, and locks now use isolated KV keys. - Added CLI subcommands to directly query price, holdings, and asset valuation.

v1.0.2

**Major update: Migrated to OpenClaw runtime with trigger-based execution and environment-provided tool integration.** - Added OpenClaw adapter and modular handler files for market monitoring and event processing. - Introduced trigger handlers: monitorHandler (interval-based) and eventHandler (storage event-driven). - All state persistence and market/order interactions now use OpenClaw tools via the adapter. - Reorganized directory and component structure for clarity and separation of concerns. - Removed direct Upbit API/signing logic; all authentication is managed by the environment. - Enhanced reliability and safety controls through state-aware storage operations and tool-validated order checks.

v1.0.0

- Initial release of Upbit Trading Engine (v1.0.0) with ClawHub compliance. - Supports market data retrieval, technical indicators (RSI, MACD, ATR, Bollinger Bands), and volatility breakout strategy. - Provides risk management (order size, balance, fee checks) and state machine-based position tracking. - Implements robust error handling (429 retry, explicit retriable status). - Includes test mode using simulated order endpoints for safe experimentation. - Modular code structure for indicators, strategies, risk, execution, and state management.

元数据

Slug trading-upbit-skill

版本 1.0.14

许可证 —

累计安装 3

当前安装数 2

历史版本数 14

常见问题

Trading upbit skill 是什么？

Upbit automated trading (aggressive breakout) with cron-friendly run-once commands, TopVolume monitoring, and percent-based budget splitting. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1264 次。

如何安装 Trading upbit skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install trading-upbit-skill」即可一键安装，无需额外配置。

Trading upbit skill 是免费的吗？

是的，Trading upbit skill 完全免费（开源免费），可自由下载、安装和使用。

Trading upbit skill 支持哪些平台？

Trading upbit skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Trading upbit skill？

由 kuns9（@kuns9）开发并维护，当前版本 v1.0.14。