LongPort Quant Trader (房总版)

Security checks across malware telemetry and agentic risk

Overview

This trading skill can place real broker orders and send Feishu messages, but its scope, credentials, simulation claims, and recipient handling are not controlled clearly enough for automatic approval.

Install only after reviewing the code and replacing all credentials, account IDs, Feishu app secrets, and open_id values. Treat the trading scripts as capable of live broker orders, not just simulation. Use a paper account first, disable or remove auto-trade loops and crontab scheduling until you understand each script, and do not rely on the included backtest/performance claims as real validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (64)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            "--target", FEISHU_USER_OPEN_ID,
            "--message", message
        ]
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)

        if result.returncode == 0:
            print("\n✅ 监控完成,推送成功")
Confidence
84% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)

Tainted flow: 'cmd' from os.getenv (line 399, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
            "--target", FEISHU_USER_OPEN_ID,
            "--message", message
        ]
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)

        if result.returncode == 0:
            print("\n✅ 监控完成,推送成功")
Confidence
78% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises and appears to require sensitive capabilities including environment access, file operations, network access, and shell execution, yet it does not declare permissions explicitly. This weakens transparency and consent, making it easier for a user to approve a trading skill without understanding that it can read secrets, modify files, and execute commands in addition to placing trades.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The declared scope is a LongPort HK/US quant trader, but the analyzed behavior reportedly extends into unrelated markets, news/policy scraping, options analysis, message sending to specific users, and broader trading/backtesting utilities. That mismatch is dangerous because users may grant credentials and trust based on a narrow description while the package contains materially broader functionality that can exfiltrate data, send messages, or trigger different classes of trades than expected.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script claims stop-loss and take-profit management, but it only calculates and prints those price levels after entry without placing corresponding exit orders or running any monitoring loop to enforce them. In an automated trading skill, this creates a false sense of risk control and can leave positions unmanaged during adverse price moves.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The program presents itself as a test/simulation workflow to the user, but it initializes real trading contexts from environment credentials and later calls submit_order to place live buy orders. This mismatch can mislead users into believing they are paper trading while the code can execute real transactions, causing direct financial loss.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file advertises an event-driven backtest that validates strategy performance with historical data, but all prices and trading signals are randomly generated. In a trading skill, this is dangerous because it can mislead users into trusting fabricated performance metrics and making real-money decisions based on invalid testing results.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file contains hardcoded broker API credentials, an access token, and a specific trading account identifier. In the context of an automated trading skill, these secrets could allow unauthorized account access, order placement, account enumeration, or abuse of linked services, making this substantially more dangerous than generic sample config data.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The module docstring states that the strategy uses Longport virtual trading for real-time execution, but `execute_trade` never calls any broker order API and only creates a local mock record with a fabricated `VIRTUAL_*` order ID. In a trading skill, this mismatch is security-relevant because it can mislead operators into believing orders are being tested or executed in a controlled brokerage environment when nothing is actually submitted, causing unsafe operational decisions and false assurance.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The code presents randomized values as if they were optimized news sentiment and block-trade signals, which is dangerous in an automated trading skill because users may believe trades are based on real market intelligence. In this context, deceptive or careless simulation can trigger arbitrary buy/sell behavior and cause financial loss if connected to a live brokerage environment.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The comments and docstrings overstate the sophistication of the implementation, while the actual logic is random simulation. In a trading automation context, this misrepresentation is security-relevant because it can induce unsafe trust in autonomous financial decisions and conceal that orders are effectively driven by randomness.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The file is presented as an automated event/news trading strategy, but core decision functions use random values to generate trend, sentiment, and block-trade signals. In the context of a live trading skill, this is dangerous because it can trigger real buy/sell actions based on fabricated inputs while misleading users into believing trades are grounded in market/news analysis.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The header and runtime output claim strict risk control, high-confidence filtering, and performance validation, yet the implementation explicitly simulates outcomes and even biases price movement toward profit for high-confidence positions. This can materially misrepresent safety and profitability, causing users to trust and deploy a strategy that has not been genuinely validated.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file markets itself as a "machine-learning-enhanced" trading strategy, but the implementation relies on random choices and trivial heuristic weight adjustments instead of any real trained model or validated inference pipeline. In a trading skill, this misrepresentation can mislead users into trusting fabricated sophistication and making financial decisions based on a non-deterministic simulation rather than a genuine ML system.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The execute_trade function name and docstring suggest real trade execution, but it only simulates prices and profit/loss internally using random values. In the context of an automated trading skill, this semantic mismatch can cause operators or downstream integrations to assume orders are being placed or risk controls are active when they are not.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill description promises automated monitoring, broker integration, Feishu notifications, and live stop-profit/stop-loss management, but this file only performs randomized local backtesting and prints results. In a financial trading context, this discrepancy is dangerous because users may deploy or rely on the skill believing essential execution, alerting, and risk-management controls exist when they do not.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The script enumerates the Feishu user directory and then selects and messages a specific individual based on name matching, behavior that goes beyond a trading-monitoring integration and expands access to organizational contact data. In a trading skill context, this increases privacy risk and could enable unauthorized targeting or misuse of employee directory information.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The file claims to backtest strategy performance, but it only labels days with threshold-triggered returns and averages those same-day moves; it does not simulate entries, exits, holding periods, stop-loss/take-profit behavior, costs, slippage, or portfolio accounting. In a trading skill, this can materially mislead users into believing the strategy was validated, increasing the risk of unsafe financial decisions based on invalid performance data.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The broader skill description advertises automated trading, 5-minute monitoring, and risk controls, but this file performs only a one-off download and retrospective signal summary. In the context of a quant trading skill, that mismatch is dangerous because users may assume operational safeguards like continuous monitoring and stop management exist when they do not, leading to unmanaged exposure or misplaced trust in the system.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The function claims to retrieve intraday market data but instead fabricates synthetic price and volume series and then derives RSI, VWAP, breakout levels, and volume signals from them. In a trading skill context, this is dangerous because users may believe recommendations are based on live market candles when they are actually computed from fake data, leading to materially unsound trading decisions.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The script prints a reassurance that it did not place real orders, but earlier code can automatically submit buy orders when the mean reversion strategy matches and auto_trade is enabled. In a trading skill, this mismatch is dangerous because it can mislead users into running code they believe is non-executing while it can actually interact with a live brokerage context.

Context-Inappropriate Capability

Medium
Confidence
74% confidence
Finding
Executing an external CLI is an unnecessary capability for this skill's stated purpose and increases the attack surface. In the context of a trading-related skill that may run with user credentials and automation privileges, introducing external process execution makes compromise more dangerous because it can be abused for arbitrary local actions if the helper or PATH is manipulated.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module docstring claims the strategy has no stop-loss/take-profit, but the implementation later contains a profit-taking condition (`price > entry_price * 1.02`). In an automated trading skill, misleading strategy documentation can cause operators to deploy behavior they did not intend, creating financial risk through incorrect assumptions about exits and risk controls.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The inline comments describe closing on reverse signal or after holding N days, but the actual code only sells when `should_close` or `ret > 0 and entry_price > 0`, and even then only if profit exceeds 2%. This mismatch is especially dangerous in a live or semi-automated trading context because reviewers may believe losses are bounded by documented exits, while the implementation can leave positions open indefinitely if the profit condition is never met.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file markets itself as an options-chain monitor with strategy thresholds, but it does not retrieve option-chain, news, or order-flow data and instead generates hard-coded mock signals from underlying prices. In a live trading skill, this creates a deceptive automation risk: users may trust and act on outputs that appear data-driven when they are not, leading to unsafe financial decisions.

VirusTotal

66/66 vendors flagged this skill as clean.
