longbridge-trader
Security checks across malware telemetry and agentic risk
Overview
This appears to be a legitimate Longbridge trading assistant, but it gives the agent direct trading authority over a brokerage account through shell-run Python, and it under-declares the credentials that authority depends on.
Only install this if you are comfortable giving the agent access to a Longport brokerage account. Use read-only or quote-only credentials when possible, enable trade permissions only deliberately, and require a clear confirmation before any order placement, modification, or cancellation.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misreads intent or confirmation is ambiguous, it could take high-impact financial actions such as placing, changing, or cancelling securities orders.
The skill tells the agent to execute raw Python through Bash to call broker SDK methods that can submit, modify, and cancel live securities orders. The stated confirmation rule covers order placement and replacement, but not cancellation.
“All code is executed through the Bash tool as `python3 -c "..."`” ... “ctx.submit_order(...)” ... “ctx.replace_order(...)” ... “ctx.cancel_order(order_id="xxx")”
Require explicit user confirmation for every order submission, modification, and cancellation, showing symbol, side, order type, quantity, price, account, and expected effect. Prefer a constrained reviewed wrapper over arbitrary Bash-run SDK snippets.
Using this skill with a trading-capable token may let the agent view balances, positions, order history, executions, cash flows, and perform live trading actions on the user's brokerage account.
These are broker API credentials used for account and trading access. The provided requirements metadata declares no required env vars and no primary credential, so the high-privilege credential dependency is under-disclosed.
“Environment variables (read automatically by the SDK via `Config.from_env()`): `LONGPORT_APP_KEY`, `LONGPORT_APP_SECRET`, `LONGPORT_ACCESS_TOKEN`”
Declare the credential requirements clearly, use least-privilege Longport tokens, separate quote-only and trade-enabled credentials, and avoid enabling trade permissions unless the user intentionally wants live order execution.
A changed or compromised dependency could affect account access or trading behavior.
The external SDK is expected for this integration, but the artifact has no install spec or pinned package version, so dependency provenance and version behavior are not fully captured in the review.
“Python package: `longport` (installed via `pip install longport`)”
Install the official Longport SDK from a trusted source, pin a reviewed version, and use an isolated Python environment.
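The three recommendations above ask for a confirmation step that covers cancellation as well as placement and replacement, for least-privilege credentials that are declared rather than discovered, and for a reviewed wrapper instead of ad-hoc `python3 -c` snippets. The Python below is an added example written for this review, not code from the longbridge-trader skill or from the Longport SDK, and shows one way to build such a wrapper. Assumptions not taken from the page: the trade context is duck-typed (any object exposing the `submit_order`, `replace_order` and `cancel_order` methods the skill quotes); the keyword arguments forwarded to those methods are illustrative and must be checked against the pinned SDK version; `trade_enabled` stands in for whether the configured token actually carries trade permission; `account` is a display-only label. `DryRunContext` is a stand-in for the real context so the example runs offline.

```python
"""Two-phase confirmation gate in front of the Longport trade context.

Example written for this review, not code from the longbridge-trader skill or
the Longport SDK. Duck-typed trade context, forwarded keyword arguments and the
display-only "account" field are assumptions (see lead-in).
"""
import os
import secrets

# The three variables the skill says Config.from_env() reads.
REQUIRED_ENV = ("LONGPORT_APP_KEY", "LONGPORT_APP_SECRET", "LONGPORT_ACCESS_TOKEN")

# Every action that changes the state of a live account, cancellation included.
TRADE_ACTIONS = ("submit", "replace", "cancel")


def missing_env(env=None):
    """Required credential variables that are not set; declares the dependency
    the skill leaves to Config.from_env() to discover silently."""
    env = os.environ if env is None else env
    return [name for name in REQUIRED_ENV if not env.get(name)]


def order_summary(action, **fields):
    """Canonical description of the pending action, keys sorted so the same
    order always renders the same way for the user."""
    summary = {"action": action}
    summary.update({key: fields[key] for key in sorted(fields)})
    return summary


def describe(summary):
    """One line the user must read before confirming."""
    return ", ".join(f"{key}={value}" for key, value in summary.items())


class DryRunContext:
    """Stand-in for the SDK trade context: records calls instead of sending them."""

    def __init__(self):
        self.calls = []

    def submit_order(self, **kwargs):
        self.calls.append(("submit", kwargs))
        return "dry-run:submit"

    def replace_order(self, **kwargs):
        self.calls.append(("replace", kwargs))
        return "dry-run:replace"

    def cancel_order(self, **kwargs):
        self.calls.append(("cancel", kwargs))
        return "dry-run:cancel"


class ConfirmedTradeGate:
    """propose() returns a one-time token plus the summary the user must see;
    execute() calls the SDK only when that exact token is echoed back.
    trade_enabled=False models a quote-only credential: every trade action is
    refused before anything reaches the broker."""

    def __init__(self, ctx, trade_enabled=False):
        self.ctx = ctx
        self.trade_enabled = trade_enabled
        self._pending = {}  # token -> summary

    def propose(self, action, **fields):
        if action not in TRADE_ACTIONS:
            raise ValueError(f"unknown trade action {action!r}")
        if not self.trade_enabled:
            raise PermissionError("trading disabled: quote-only credentials in use")
        summary = order_summary(action, **fields)
        token = secrets.token_hex(8)
        self._pending[token] = summary
        return token, summary

    def execute(self, token):
        """Single use: a replayed or unknown token never reaches the SDK."""
        summary = self._pending.pop(token, None)
        if summary is None:
            raise PermissionError("no pending proposal for this confirmation token")
        # "account" is shown to the user only (assumed: the access token already fixes it).
        args = {k: v for k, v in summary.items() if k not in ("action", "account")}
        # Method names are the ones the skill quotes; argument names are assumed.
        dispatch = {
            "submit": self.ctx.submit_order,
            "replace": self.ctx.replace_order,
            "cancel": self.ctx.cancel_order,
        }
        return dispatch[summary["action"]](**args)
```

Run it from an isolated environment with the `longport` package pinned to a reviewed version in a requirements file, build the SDK's real trade context from `Config.from_env()` only after `missing_env()` returns an empty list, keep `trade_enabled=False` whenever the token is quote-only, and have the agent show the user `describe(summary)` together with the token so that the confirmation the user types is bound to one specific submit, replace, or cancel.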
