longbridge-stock

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate Longbridge stock/account helper, but it can expose sensitive brokerage balances and holdings too broadly.

Install only if you intentionally want an agent to use your Longbridge credentials. Keep the config outside shared workspaces and repositories, restrict file permissions, rotate tokens if exposed, and instruct the agent to run balance or position queries only after you explicitly ask for account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill documentation indicates capabilities to read environment variables and local files in order to locate `.longbridge_config`, but it does not declare corresponding permissions. Undeclared capability use weakens transparency and consent controls, and can lead to accidental access to sensitive credentials such as API keys and access tokens.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation guidance is overly broad: it says to use the skill whenever a user mentions stock prices, market data, portfolio value, or named equities, even when Longbridge is not mentioned. This can cause the agent to trigger a brokerage-linked skill in situations where the user only wanted general financial information, increasing the chance of unnecessary access to account-connected functionality.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The description advertises account balance and position queries but does not warn that these actions involve sensitive financial account data. In context, this is more dangerous because the skill is intended for a brokerage integration, so ambiguous invocation could expose holdings, buying power, or balances without adequate user awareness.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This script loads API credentials and retrieves highly sensitive brokerage holdings data, yet provides no consent gate, privacy notice, or output minimization before exposing the information to stdout. In an agent-skill context, that increases the chance of surprising disclosure of portfolio composition and account-related financial data to logs, calling systems, or users who did not explicitly request account access.

Session Persistence

Medium
Category
Rogue Agent
Content
## Configuration

Create `.longbridge_config` in one of these locations (priority order):

1. Environment variable: `LONGBRIDGE_CONFIG=/path/to/.longbridge_config`
2. `<skill-dir>/.longbridge_config`
Confidence
88% confidence
Finding
Create `.longbridge_config` in one of these locations (priority order): 1. Environment variable: `LONGBRIDGE_CONFIG=/path/to/.longbridge_config` 2. `<skill-dir>/.longbridge_config` 3. `<skill-dir>../

VirusTotal

64/64 vendors flagged this skill as clean.