LongbridgeAssistant

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform local portfolio monitoring, but it handles brokerage credentials and includes monetization plans around user financial data that need careful review.

Review before installing. Use a least-privilege or read-only Longbridge token if available, protect ~/.longbridge/env with restrictive file permissions, avoid sharing generated charts or logs, and do not use the skill unless you are comfortable with bundled business-plan text discussing user-data monetization and higher-risk financial services even though no exfiltration or trade execution code was found.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The monetization document expands the skill from portfolio monitoring and alerts into automatic trading and asset-management services, which are materially higher-risk financial activities than the declared assistant scope. In an investing context, undocumented trading or advisory execution capabilities can mislead users, create unsafe expectations, and drive deployment of functions that require additional controls, disclosures, authorization, and regulatory review.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
This section proposes selling anonymized user data and embedding broker referrals/advertising without those practices being reflected in the skill description or consent model. For a financial skill handling holdings and portfolio data, hidden monetization of user data or conflicted referrals creates privacy, trust, and compliance risks, especially because investment data is highly sensitive and potentially re-identifiable even after anonymization.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
Reintroducing automatic trading in later-stage plans reinforces a mismatch between stated functionality and promoted behavior, which is particularly dangerous for a securities-related assistant. Users may rely on the skill as if it can execute trades or manage positions autonomously, increasing the risk of unauthorized actions, financial loss, and regulatory exposure.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The release notes promote automated monitoring of a brokerage account and instruct users to store API credentials, but they do not clearly warn that the skill accesses highly sensitive financial holdings data and authentication tokens. In a brokerage context, missing disclosure increases the chance that users expose account information or provision tokens without understanding the privacy and account-security implications.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The manifest explicitly requests highly sensitive broker credentials, including an app secret and access token, but provides no user-facing disclosure about what data will be accessed, what actions may be taken on the brokerage account, or how the credentials are handled. In an investment skill, these secrets can expose portfolio holdings and potentially enable trading or other account actions, so undisclosed credential access materially increases the risk of account compromise or unauthorized financial activity.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script blindly imports all variables from a user-specific file using shell expansion, with no validation, no disclosure to the user, and no restriction on which variables may be set. In an investment-assistant context, environment variables are likely to include API keys, account identifiers, notification endpoints, or behavior-controlling settings, so loading them implicitly can enable unsafe configuration, secret misuse, or unintended connections if that file is modified or poisoned.

VirusTotal

64/64 vendors flagged this skill as clean.