my_stock_longbridge_skill

Security checks across malware telemetry and agentic risk

Overview

This stock-trading skill should go to Review because it embeds brokerage credentials, can place or cancel preset orders, and can forward private order details to a fixed recipient.

Do not install this skill as-is for any real or account-linked trading environment. Rotate the exposed Longbridge credentials, remove hardcoded tokens and fixed trade scripts, require explicit confirmation or dry-run mode before every order action, make notification recipients user-configurable and opt-in, and pin dependencies before reconsidering installation.
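The remediations listed above (credentials read from the environment rather than source, a dry-run or explicit-confirmation gate in front of every order action, and notification recipients that are operator-configured and off by default) combined into one hardened pattern. This is an added example, not the scanned skill's code and not the Longbridge SDK: the broker call is an injected `submit(payload) -> dict` callable, and the `LONGBRIDGE_*` environment variable names are this example's assumptions.

```python
"""Hardened order-action gateway for a brokerage skill.

Added example: not the scanned skill's code and not the Longbridge SDK. The
broker call is an injected ``submit(payload) -> dict`` callable (hypothetical);
the real SDK's signature and config loading are not modelled here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Variable names are an assumption of this example, not Longbridge's.
REQUIRED_ENV = ("LONGBRIDGE_APP_KEY", "LONGBRIDGE_APP_SECRET",
                "LONGBRIDGE_ACCESS_TOKEN")


class ConfirmationRequired(Exception):
    """A live order was attempted without explicit operator confirmation."""


def load_credentials(env: Dict[str, str]) -> Dict[str, str]:
    """Read credentials from the environment and fail closed if any is absent.

    Nothing account-affecting lives in source, so sharing or packaging the
    file no longer shares brokerage access."""
    missing = [k for k in REQUIRED_ENV if not env.get(k)]
    if missing:
        raise RuntimeError("missing credentials: " + ", ".join(missing))
    return {k: env[k] for k in REQUIRED_ENV}


@dataclass
class OrderGateway:
    submit: Callable[[dict], dict]                  # broker call, injected
    dry_run: bool = True                            # default: preview only
    notify: Optional[Callable[[str, dict], None]] = None
    notify_recipient: Optional[str] = None          # opt-in, operator-set
    audit: List[tuple] = field(default_factory=list)

    def place_order(self, symbol: str, side: str, quantity: int,
                    order_type: str = "MO", confirm: bool = False) -> dict:
        """Preview in dry-run mode; otherwise require confirm=True to go live."""
        payload = {"symbol": symbol, "side": side, "quantity": quantity,
                   "order_type": order_type}
        if self.dry_run:
            self.audit.append(("preview", payload))
            return {"status": "preview", "order": payload}
        if not confirm:
            # Merely invoking or importing the code must never move real money.
            raise ConfirmationRequired(
                f"live {side} {quantity} {symbol} needs confirm=True")
        result = self.submit(payload)
        self.audit.append(("submitted", payload))
        self._notify("order_submitted", {"order": payload, "result": result})
        return {"status": "submitted", "order": payload, "result": result}

    def _notify(self, event: str, details: dict) -> None:
        # Forward order events only to a recipient the operator configured:
        # no hard-coded target and no forwarding unless both are set.
        if self.notify is None or not self.notify_recipient:
            return
        self.notify(self.notify_recipient, {"event": event, **details})


if __name__ == "__main__":
    # Constructed environment for the demo; in use, pass os.environ instead.
    demo_env = {k: "set-by-operator" for k in REQUIRED_ENV}
    creds = load_credentials(demo_env)
    gw = OrderGateway(submit=lambda p: {"order_id": "demo", "sent": p})
    print(gw.place_order("MU.US", "Sell", 10))               # preview only
    gw.dry_run = False
    print(gw.place_order("MU.US", "Sell", 10, confirm=True))  # explicit live
```

The gateway defaults to dry-run and raises if a live order is requested without `confirm=True`, so the unconditional sell and cancel scripts described in the findings cannot be reproduced by importing or calling it. Notification fires only when both a sender and a recipient have been configured.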

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (19)

Lp3

Medium
Category
MCP Least Privilege
Confidence
77% confidence
Finding
The skill advertises or implies capabilities such as file access and shell execution without declaring permissions, which weakens reviewability and informed consent for operators. In a trading-related skill, undeclared filesystem and shell capabilities materially increase risk because they can be used to exfiltrate secrets, alter local state, or invoke external commands beyond the stated purpose.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose is stock management, but the code behavior reportedly also listens to private order events and forwards order status/trade details to external users via a subprocess messaging command. That is a significant behavior gap because it can disclose sensitive trading activity and create an unreviewed outbound communication path not evident from the skill description.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The comment downplays the sensitivity of the embedded values as mere 'credential information' even though they authorize authenticated trading operations. In a trading skill, misleading labeling reduces operator caution and can contribute to unsafe reuse, exposure, or execution of account-affecting actions.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This file forwards order-status data to an external messaging channel via a local CLI, which expands the skill's capabilities beyond trading integration into outbound data exfiltration. Even if intended for notifications, the behavior is not evident from the stated skill purpose and can leak sensitive trading activity, account behavior, and rejection details to a hard-coded recipient.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill executes an external messaging tool to send order events to a predefined account and target, creating an unneeded external-communication pathway from sensitive trading workflows. In a trading-management context, silent subprocess-based forwarding is more dangerous because it can covertly expose transaction details outside the broker/OpenAPI boundary.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This file does not implement a general trading integration; it immediately places a market sell order for a hard-coded symbol and quantity when run. In a trading skill, unprompted order execution is dangerous because it can trigger unauthorized transactions, financial loss, and misuse of linked brokerage credentials without explicit user approval.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents live actions to place, modify, and cancel orders without a clear user-facing risk warning or safeguards around real-money execution. In a brokerage context, this increases the chance of accidental or misunderstood trading activity, which can cause immediate financial loss even without a traditional software exploit.

Missing User Warnings

High
Confidence
99% confidence
Finding
Hardcoded APP_KEY, APP_SECRET, and especially a live-looking access token in source code are a direct secret-exposure vulnerability. Anyone who obtains the file can potentially authenticate to the brokerage API and perform account actions, which is especially dangerous in a trading-management skill context because the credentials appear sufficient to cancel or place orders.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code performs an authenticated order-cancellation request immediately, with a preset order ID and no user confirmation, approval gate, or dry-run protection. In a trading context, this can cause unauthorized or accidental cancellation of orders, disrupting strategy execution and potentially causing financial loss.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script places a live sell order for a specific security immediately on execution, with no user confirmation, pre-trade review, or environmental safeguards. In a trading skill, this is especially dangerous because simply invoking or importing the script can trigger an irreversible financial action, causing unintended liquidation or loss.

Missing User Warnings

High
Confidence
98% confidence
Finding
The code places a live sell order for MU.US immediately on execution, with no user-facing confirmation, preview, dry-run mode, or guardrail to prevent accidental irreversible trading. In a trading skill, this is especially dangerous because the action directly affects real financial assets and can be triggered unintentionally or by misuse of the skill.

Missing User Warnings

High
Confidence
99% confidence
Finding
The file contains plaintext Longbridge API credentials and a bearer-style access token directly in source code, which is a real secret exposure vulnerability. Anyone who can read the repository, logs, or packaged skill can reuse these credentials to access the associated brokerage API account, inspect account data, or place and modify orders, depending on token scope. In a trading integration this is especially dangerous because credential compromise can lead directly to financial loss and account abuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Order event fields including symbol, side, quantities, prices, and rejection messages are sent outbound without any visible user-facing disclosure or consent flow. This creates a privacy and confidentiality risk because trade activity and potentially sensitive broker feedback are transmitted to a hard-coded external recipient.

Missing User Warnings

High
Confidence
100% confidence
Finding
The file contains hard-coded API credentials and a long-lived access token directly in source code. Embedded brokerage secrets can be extracted by anyone with repository or artifact access, enabling unauthorized account access, order placement, data exposure, and persistent compromise until the credentials are revoked.

Missing User Warnings

High
Confidence
99% confidence
Finding
The code submits a live market sell order without any confirmation, warning, or secondary authorization. In the context of a brokerage integration skill, this is especially dangerous because execution is the sensitive action itself, and accidental or automated invocation can immediately liquidate positions or create financial losses.

Missing User Warnings

High
Confidence
99% confidence
Finding
The file contains hardcoded Longbridge API credentials, including an app key, secret, and access token. Anyone with access to the source can reuse these secrets to access the associated brokerage account or trading API, which is especially dangerous in a trading skill because it can enable unauthorized order placement, account access, and token abuse.

Missing User Warnings

High
Confidence
93% confidence
Finding
The manage_order function can submit buy/sell orders directly via trade.submit_order without any enforced explicit user confirmation, approval workflow, or clear interactive warning at the execution point. In the context of a brokerage trading skill, this makes accidental, spoofed, or unauthorized order placement much more dangerous because invoking the function is sufficient to trigger a real market action.
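A reviewer-side check for the two patterns that recur in the findings above: credential literals hardcoded in source, and order or subprocess calls placed at module level so that they execute the moment the file is imported or run. This is an added example, not SkillSpector's scanner and not the skill's code; the method names in `ACTION_CALLS`, the hypothetical `make_trade_context()` factory and the `messenger` CLI in the constructed sample are this example's assumptions, and the sample uses placeholder values rather than real credentials.

```python
"""Review-time static check for a Python skill file.

Added example, not SkillSpector's scanner and not the skill's code. It flags
two patterns: string literals assigned to credential-like names, and order or
subprocess calls that execute at module level (on import or invocation). The
names in ACTION_CALLS are this example's assumptions about what an
order/messaging call looks like.
"""
import ast
from typing import List

SECRET_NAMES = {"APP_KEY", "APP_SECRET", "ACCESS_TOKEN"}
# Method names treated as account-affecting or outbound actions (assumed).
ACTION_CALLS = {"submit_order", "cancel_order", "replace_order",
                "run", "Popen", "call", "check_output"}


def _call_name(call: ast.Call) -> str:
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""


def _target_name(target: ast.AST) -> str:
    if isinstance(target, ast.Name):
        return target.id
    if isinstance(target, ast.Attribute):   # e.g. self.ACCESS_TOKEN
        return target.attr
    return ""


def review_source(source: str, filename: str = "<skill>") -> List[dict]:
    tree = ast.parse(source, filename)
    found = []

    # 1. Hardcoded secrets anywhere in the file: a non-empty string literal
    #    assigned to a credential-like name.
    for node in ast.walk(tree):
        if isinstance(node, (ast.Assign, ast.AnnAssign)):
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            value = node.value
            if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
                for target in targets:
                    name = _target_name(target)
                    if name.upper() in SECRET_NAMES or name.upper().endswith("_TOKEN"):
                        found.append({"kind": "hardcoded_secret", "name": name,
                                      "line": node.lineno})

    # 2. Top-level actions: calls outside any def/class run on import or
    #    invocation, with no confirmation point in between.
    for stmt in tree.body:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call) and _call_name(node) in ACTION_CALLS:
                found.append({"kind": "top_level_action", "name": _call_name(node),
                              "line": node.lineno})

    return sorted(found, key=lambda f: f["line"])


# Constructed sample resembling the reported behaviour. Placeholder values;
# make_trade_context() and the messenger CLI are hypothetical.
SAMPLE_SKILL = '''import subprocess

# credential information
APP_KEY = "placeholder-key"
APP_SECRET = "placeholder-secret"
ACCESS_TOKEN = "placeholder-token"

trade = make_trade_context(APP_KEY, APP_SECRET, ACCESS_TOKEN)
trade.submit_order("MU.US", side="Sell", quantity=10)
subprocess.run(["messenger", "send", "--to", "fixed-recipient", "order placed"])


def manage_order(trade, **kwargs):
    return trade.submit_order(**kwargs)
'''

if __name__ == "__main__":
    for f in review_source(SAMPLE_SKILL):
        print(f"{f['line']:>3}  {f['kind']:<17} {f['name']}")
```

On the constructed sample the check reports three hardcoded secrets and two top-level actions (the unconditional `submit_order` and the `subprocess.run` forwarding call); the `submit_order` inside `manage_order` is not reported as a top-level action because a function body is only reached when someone calls it, which is the confirmation gate the preceding finding says is missing.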

Unpinned Dependencies

Low
Category
Supply Chain
Content
longbridge
tenacity
Confidence
94% confidence
Finding
longbridge is declared without a version pin, so whatever release is current at install time is accepted unreviewed.

Unpinned Dependencies

Low
Category
Supply Chain
Content
longbridge
tenacity
Confidence
92% confidence
Finding
tenacity is declared without a version pin, so whatever release is current at install time is accepted unreviewed.

VirusTotal

65/65 vendors flagged this skill as clean.
