Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Longbridge
v1.0.0Longbridge platform expert for investment analysis AND developer tasks. TRIGGER on ANY of: (1) any stock/market analysis request in any language — price perf...
⭐ 0· 81·1 current·1 all-time
byJason Lee@huacnlee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description and included reference docs (CLI, Python/Rust SDKs, MCP) match the stated purpose of being a Longbridge platform expert for investment analysis and developer tasks. The files provide expected SDK/CLI usage and trading examples.
Instruction Scope
The runtime instructions tell the agent to execute CLI/SDK commands that access account positions, news, and can place orders. The docs explicitly say to always pull positions when users ask about portfolios and include order placement examples. The references also disclose local token cache paths (~/.longbridge/...) and recommend connecting MCP which 'exposes tools to the AI' — this gives an agent access to sensitive account actions if OAuth is authorized. The SKILL.md does not explicitly constrain the agent from reading local token files or auto-executing orders, so the instruction scope is broader than a read-only analysis skill.
Install Mechanism
This is an instruction-only skill (no install spec), which is lower risk. However the bundled docs recommend installing the CLI with Homebrew (fine) or via a remote install script piped from GitHub raw (curl ... | sh). That install method (download-and-execute) carries higher risk in general and should be validated by the user before running.
Credentials
The skill declares no required env vars or credentials, which is reasonable because Longbridge uses OAuth, but multiple reference files reveal token cache paths and environment variables (LONGBRIDGE_*). The skill's functionality (view positions, place orders, subscribe to push events) legitimately requires account OAuth tokens — access to these is highly sensitive. The skill does not request explicit read-only scope limits, so enabling it could permit trading-capable actions if OAuth consent is granted.
Persistence & Privilege
always:false and no install spec are good. However the SKILL.md author recommends broad trigger conditions (TRIGGER on ANY ticker/portfolio mention) and MCP integration that 'automatically exposes tools to the AI'. Combined with default autonomous invocation, this creates a higher blast radius: an agent could be triggered frequently and may be able to call trade APIs if the user authorizes OAuth. This is not inherently malicious but increases risk and should be constrained by the user (scopes, confirmation rules).
What to consider before installing
This skill appears to be genuine Longbridge documentation packaged to help an AI use the Longbridge CLI/SDK/MCP, but it can access and act on highly sensitive account functionality if you connect an account. Before installing or enabling: (1) Only connect Longbridge OAuth with the minimum scopes (prefer read-only) and require explicit confirmations for any order placement; (2) review and control triggers — the skill requests activation on any ticker/portfolio mention which may cause unintended calls; (3) do not run curl | sh install scripts blindly — prefer Homebrew or inspect the script first; (4) be aware the docs mention token cache paths (~/.longbridge/...), so the agent could try to use or read local tokens if present; (5) if you do not want the agent to place trades, avoid granting trade scopes or self-host MCP with restricted tools. These precautions will reduce the risk of accidental data exposure or unintended trading actions.Like a lobster shell, security has layers — review code before you run it.
latestvk97czw0aagf78k7r9gex0wfbq583ncyq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.