ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Longbridge

v1.0.0

Longbridge platform expert for investment analysis AND developer tasks. TRIGGER on ANY of: (1) any stock/market analysis request in any language — price perf...

0· 94·0 current·0 all-time
by@longbridge·duplicate of @huacnlee/longbridge-developers

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for longbridge/developers.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Longbridge" (longbridge/developers) from ClawHub.
Skill page: https://clawhub.ai/longbridge/developers
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install developers

ClawHub CLI

Package manager switcher

npx clawhub@latest install developers
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, CLI examples, Python/Rust SDK references, and MCP docs all consistently describe a Longbridge financial-data + developer integration. The declared lack of required env vars/binaries is coherent because this is an instruction-only skill that expects the platform or user to have the Longbridge CLI/SDKs available.
!
Instruction Scope
Runtime instructions tell the agent to call local 'longbridge' CLI, SDK methods, and the MCP server and instruct the agent to “always pull when user asks about 'my portfolio'.” That implies automatically accessing account positions and order endpoints (sensitive user account data) when invoked. The skill does not explicitly require user confirmation for data pulls in every case (though some docs recommend confirmation for order placement). This is expected behavior for a trading assistant, but it is scope-sensitive: users should expect the agent to read account positions and live market data when those triggers fire.
Install Mechanism
The skill has no install spec (lowest risk). The included docs recommend installing the CLI via Homebrew or via a curl | sh installer pointing at a GitHub raw URL. Curl|sh installs are common but inherently riskier than vetted package installs; the skill itself doesn't perform downloads, it only documents them.
Credentials
The skill declares no required env vars, but the reference files contain many environment variable names (SDK overrides, LONGBRIDGE_HTTP_URL, token cache paths, and examples referencing API key envs). Most references are proportional to a data/trading SDK, but there is a small inconsistency: some examples show OAuth/browser flows while a few examples call Config.from_apikey_env or Config.from_apikey_env-like functions (API-key-based config), which mixes auth models and could confuse implementers. No unrelated secrets (e.g., AWS keys) are requested.
Persistence & Privilege
always:false and no install spec. The skill is instruction-only and doesn't request permanent agent inclusion or modify other skills. It references client-side token caches (e.g., ~/.longbridge/openapi/tokens) which are typical for OAuth-based SDKs but does not itself persist data.
Assessment
This skill appears to be a coherent Longbridge data/trading assistant, but review these points before installing or enabling it: 1) Expect the agent to call your Longbridge tools and, when triggered, to fetch account positions and live data — ensure you want the agent to access that info and confirm the agent asks before placing orders. 2) The skill is instruction-only; it assumes the Longbridge CLI/SDK and OAuth tokens live on the host. If you install the CLI follow your normal security policies (prefer package manager installs or verify the install script source rather than piping unknown scripts directly). 3) Check OAuth scopes when connecting MCP or the CLI (least-privilege) and verify token storage on your client. 4) Note small doc inconsistencies (OAuth vs. API-key examples) — if you rely on API keys vs OAuth, validate the auth method in your environment. If you want stronger guarantees, require the agent to ask for explicit permission before any account/positions queries or order operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk9724xtnvvdetcxjb6mjsecgqs83p80f
94downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@longbridge
latest
Download

Longbridge Developers Platform

Full-stack financial data and trading platform: CLI, Python/Rust SDK, MCP, and LLM integration.

Official docs: https://open.longbridge.com llms.txt: https://open.longbridge.com/llms.txt

For setup and authentication details, see references/setup.md.

Investment Analysis Workflow

When the user asks about stock performance, portfolio advice, or market analysis:

  1. Get live data via CLI — quotes, positions, K-line history, intraday
  2. Get news/catalysts via CLI — prefer Longbridge first; fall back to WebSearch only if insufficient
  3. Combine — price action + volume + catalyst → analysis + suggestion
# Market data
longbridge quote SYMBOL.US
longbridge positions                # always pull when user asks about "my portfolio"
longbridge kline-history SYMBOL.US --start YYYY-MM-DD --end YYYY-MM-DD --period day
longbridge intraday SYMBOL.US

# News & content (prefer these over WebSearch)
longbridge news SYMBOL.US           # latest news articles
longbridge news-detail <id>         # full article content
longbridge filing-detail <id>       # regulatory filing (earnings reports, etc.)
longbridge topics SYMBOL.US         # community discussion
longbridge market-temp              # market sentiment index (0–100)

Only fall back to WebSearch when Longbridge news is insufficient (e.g., breaking news not yet indexed, macro events unrelated to a specific symbol).

Choose the Right Tool

User wants to...                         → Use
─────────────────────────────────────────────────────────────────
Quick quote / one-off data lookup        CLI
Interactive terminal workflows           CLI
Script market data, save to file         CLI + jq  (or Python SDK)
Loops, conditions, transformations       Python SDK (sync)
Async pipelines, concurrent fetches      Python SDK (async)
Production service, high throughput      Rust SDK
Real-time WebSocket subscription loop    SDK (Python or Rust)
Programmatic order strategy              SDK
Talk to AI about stocks (no code)        MCP (hosted or self-hosted)
Use Cursor/Claude for trading analysis   MCP
Add Longbridge API docs to IDE/RAG       LLMs.txt / Markdown API

Symbol Format

<CODE>.<MARKET> — applies to all tools.

MarketSuffixExamples
Hong KongHK700.HK, 9988.HK, 2318.HK
United StatesUSTSLA.US, AAPL.US, NVDA.US
China ShanghaiSH600519.SH, 000001.SH
China ShenzhenSZ000568.SZ, 300750.SZ
SingaporeSGD05.SG, U11.SG
CryptoHASBTCUSD.HAS, ETHUSD.HAS

Reference Files

CLI (Terminal)

Always use longbridge --help to list available commands, and longbridge <command> --help for specific options and flags. Do not rely on hardcoded documentation — the CLI's built-in help is always up-to-date.

Python SDK

Rust SDK

AI Integration

  • MCP — hosted service, self-hosted server, setup & auth: references/mcp.md
  • LLMs & Markdown — llms.txt, open.longbridge.com doc Markdown, longbridge.com live news/quote pages (.md suffix + Accept header), Cursor/IDE integration: references/llm.md

Load specific reference files on demand — do not load all at once.

Comments

Loading comments...