Longbridge

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Longbridge finance/developer skill, but it should be used carefully because it can access brokerage data and guide real trading operations after authorization.

Install only if you intend to connect Longbridge tools to an agent. Use least-privilege OAuth scopes, require explicit confirmation before any order placement, replacement, or cancellation, avoid granting trading permissions for read-only analysis, and inspect the CLI installer before running the curl-to-shell command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: High
Confidence: 95%
Finding
The trigger definition is extremely broad: it activates on essentially any stock ticker mention, market-analysis request, portfolio-related phrase, or Longbridge-related developer task. In an agent setting, this can cause the skill to intercept ordinary conversation and push the model toward external financial-data retrieval or trading-oriented guidance without clear user intent boundaries, increasing the risk of inappropriate tool use and unintended handling of sensitive financial context.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The workflow explicitly says to run `longbridge positions` when the user asks about 'my portfolio', but it does not require a privacy warning, confirmation, or data-minimization step before accessing account-related holdings. In a financial skill, portfolio and positions data are highly sensitive, so automatic retrieval increases the chance of exposing private account information or over-collecting data beyond what the user intended.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The documentation instructs users to pipe a remotely fetched script directly into `sh`, which removes the opportunity to inspect the script before execution and makes the install path vulnerable to repository compromise, CDN/network tampering, or accidental publication of unsafe installer logic. In an AI-agent and scripting-oriented CLI, this is more dangerous because users and agents may copy or automate the exact command without scrutiny.

Natural-Language Policy Violations

Severity: Medium
Confidence: 80%
Finding
The CLI auto-detects whether the user is in China Mainland by probing a network endpoint and then silently switches to `.cn` endpoints, which changes data routing and trust boundaries without explicit user consent. This creates privacy and compliance concerns, and may surprise users or downstream automation that assumes a fixed region or endpoint set.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation shows how to submit, replace, and cancel live orders without any explicit warning that these calls can execute real trades against a brokerage account. In an agent skill that triggers on broad investing and developer requests, this increases the chance that downstream systems or users copy the examples into automation and perform unintended financial actions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
These examples demonstrate submitting, replacing, and cancelling orders against a real trade context without any warning that the calls can affect live brokerage accounts. In a skill explicitly triggered for investment analysis and developer tasks, users may copy and run snippets directly, increasing the chance of unintended live trades or order modifications.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The complete example goes beyond API shape demonstration and places a live limit buy order after loading credentials from environment variables, with no disclaimer about financial risk or operational consequences. Because this skill is designed to assist with market, portfolio, CLI, and SDK workflows, the context makes copy-paste execution especially plausible and raises the likelihood of accidental real-money activity.

VirusTotal

66/66 vendors flagged this skill as clean.