Longbridge

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Longbridge finance helper, but it can lead an agent toward sensitive portfolio access and live trading actions without consistent confirmation safeguards.

Install only if you intend to use Longbridge for market data or brokerage workflows. Prefer read-only scopes, confirm before any account or trade action, avoid running live order examples unchanged, inspect remote install scripts before execution, and revoke Longbridge authorizations when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity: High
Confidence: 95%

Finding:
The trigger scope is extremely broad: it activates on virtually any stock ticker mention, any market-analysis request, portfolio-related terms, and multiple developer workflows. This can cause unintended invocation in unrelated or only tangential contexts, increasing the chance that the skill accesses financial or account-related tooling when the user did not clearly intend to use Longbridge. In a finance/trading skill, overbroad activation is especially risky because it may steer the agent toward sensitive account and market-data operations.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding:
The workflow instructs the agent to run `longbridge positions` whenever the user asks about 'my portfolio', but it provides no privacy notice, consent checkpoint, or data-minimization guidance. Because positions and account holdings are highly sensitive financial data, automatic retrieval can expose private information unnecessarily or before the user understands that account data will be accessed.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding:
The documentation instructs users to pipe a remotely fetched script directly into `sh`, which executes whatever content is served at that URL without inspection, signature verification, or checksum validation. In an AI-agent and terminal automation context, this is especially risky because users or agents may copy it verbatim, turning any upstream compromise, MITM, or repository takeover into immediate code execution on the host.

Missing User Warnings

Severity: Low
Confidence: 92%

Finding:
The guidance encourages feeding live Longbridge product pages and news content directly into AI tools, but it does not warn users about privacy, prompt-injection, or data-handling risks when ingesting external web content into an LLM context. In this skill's context, that omission is more meaningful because the feature is explicitly aimed at AI/RAG integrations and market-analysis workflows, increasing the chance that sensitive portfolio data or trusted downstream automations could be combined with untrusted remote content.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding:
The documentation provides copy-pasteable examples for submitting, replacing, and cancelling live orders without any explicit warning that these actions affect a real brokerage account and can trigger actual trades. In the context of an agent skill that activates broadly for market, portfolio, CLI, and SDK tasks, this increases the chance that users or downstream agents treat the example as safe demo code and execute it against production credentials.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding:
The complete example culminates in placing a live buy order after loading API credentials from the environment, but it does not warn about financial loss, account impact, or the need for explicit user authorization. Because this skill is designed for both investment analysis and developer assistance, a user may reasonably interpret the example as a standard getting-started snippet and run it unchanged in a real account.

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Confidence: 92%

Content (excerpt from the skill documentation):
## Available MCP Tools

When the MCP server is connected, available tools are automatically exposed to the AI — no hardcoded list needed. The AI can directly inspect and call all tools.

If you need to know what tools are available, ask the AI to list the connected MCP tools, or check the official docs: https://open.longbridge.com

Finding (flagged phrase in the excerpt above):
call all tools

VirusTotal

VirusTotal findings are pending for this skill version.
