Longbridge Openapi
PassAudited by ClawScan on May 11, 2026.
Overview
This is a coherent Longbridge finance integration, but it can use brokerage credentials and make confirmed account-side changes such as alerts or recurring investment plans.
This skill appears appropriate for Longbridge market and account workflows. Before installing or using it, make sure the `longbridge` CLI is from an official source, grant only the scopes you need, and carefully review any preview before confirming account changes, alerts, or recurring investment plans.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user confirms the wrong action, the agent could change watchlists, create alerts, or set up investment automation through Longbridge.
The skill includes tools that can mutate brokerage-side settings or investment plans, which is high-impact but directly related to its stated finance/trading purpose.
watchlist read + admin, price alerts, recurring DCA plans
Only approve mutation previews after checking the exact symbol, account, amount, frequency, and action; avoid broad or ambiguous confirmations.
The skill may be able to view brokerage account information and, where trade scope is granted, perform account-related operations after confirmation.
The skill may use OAuth tokens, app secrets, and trade-scope login for Longbridge account access. This is expected for the integration, but the permissions are sensitive.
LONGBRIDGE_APP_SECRET ... LONGBRIDGE_ACCESS_TOKEN ... Sections marked 🔒 require trade-scope login.
Use the least-privileged Longbridge login available, keep tokens out of shared environments, and revoke or rotate credentials if no longer needed.
Security depends on the `longbridge` binary installed on the user’s system.
The reviewed artifact does not include runnable code or an install recipe, so the actual `longbridge` CLI implementation and provenance are outside this review.
Source: unknown ... Required binaries (at least one): longbridge ... No install spec — this is an instruction-only skill.
Install the Longbridge CLI only from official Longbridge sources, verify the binary/version, and avoid using untrusted wrappers.
A confirmed alert or DCA plan may continue to operate until the user changes or cancels it in Longbridge.
Alerts and recurring investment plans can persist after the current chat. The artifact discloses this capability, so this is a persistence note rather than hidden behavior.
price alerts, and recurring DCA plans
Set explicit limits and review active alerts or recurring plans periodically in the Longbridge account.