Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
my_stock_longbridge_skill
v1.0.2 · Longbridge Securities (Longbridge) OpenAPI integration and trading management skill
by @canonxu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
Functionality (submit/cancel orders, streaming notifications, account/market queries) matches the Longbridge trading purpose. However the bundle claims to rely on configured secrets but instead hardcodes APP_KEY/APP_SECRET/ACCESS_TOKEN in multiple files and includes an embedded bot account/target for notifications; those specifics are not justified or declared in the metadata.
Instruction Scope
SKILL.md tells the user to configure credentials via 'openclaw secrets configure', but the runtime code ignores that and uses hardcoded credentials. The code reads/writes a HISTORY_FILE under /home/admin/.openclaw/skills/... and invokes the 'openclaw' CLI via subprocess to send messages to a target user — these filesystem and CLI operations are not declared in the skill instructions or registry metadata.
Install Mechanism
There is no install spec (instruction-only), but the package includes a requirements.txt (longbridge, tenacity) and multiple Python modules. No remote downloads or installers are present, which lowers install-time risk, but the lack of install-time guidance (virtualenv, where to place files) combined with embedded secrets is problematic.
Credentials
The code hardcodes APP_KEY, APP_SECRET, and a long ACCESS_TOKEN in multiple files instead of using declared environment variables or secret storage. The skill declares no required env vars or config paths, yet it expects write access to /home/admin/.openclaw/skills/... and access to the 'openclaw' CLI and a bot account/target. Hardcoded credentials and undeclared access are disproportionate and dangerous for a public skill.
Persistence & Privilege
The skill does not set always:true and does not modify other skills' configs, but it runs a long-lived notifier (daemon) that subscribes to private topics and calls out to an external messaging command. This gives it continuous network/IO presence while active; combined with hardcoded credentials, that increases blast radius but is not itself a declared privilege escalation.
Scan Findings in Context
[base64-block] unexpected: The SKILL.md triggered a 'base64-block' prompt-injection pattern. The visible SKILL.md content looks benign, but the scanner flagged an injection pattern — treat the skill with extra caution and inspect for hidden/encoded payloads.
[hardcoded-credentials] unexpected: Multiple files (stock_manager.py, sell_nbis.py, cancel_order.py, inspect_submit.py) contain hardcoded APP_KEY, APP_SECRET, and ACCESS_TOKEN strings. Trading integrations need credentials, but embedding them in code is unsafe and contradicts the SKILL.md guidance to use secret configuration.
What to consider before installing
This skill appears to implement legitimate Longbridge trading functions, but it hardcodes API credentials and assumes write/CLI access that it does not declare. Do NOT install or run it on any account containing real money or private data until the author fixes these issues. Minimum actions to make this safe: remove hardcoded APP_KEY/APP_SECRET/ACCESS_TOKEN from all files and require the use of secure secrets (environment variables or the platform's secret store); update SKILL.md to describe exact config paths and permissions; avoid writing to /home/admin (use a relative or declared path); verify the openclaw message target and bot account are intentional; rotate any credentials that were embedded (treat them as compromised). If you need help vetting a cleaned version, request the updated package or ask the author for an explanation and proof that embedded credentials have been revoked.
