Trust Assessment
longbridge-openapi received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 0 high, 4 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Missing required field: name, Persistence mechanism: Shell RC file modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/genkin-he/longbridge-openapi/SKILL.md:58 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/genkin-he/longbridge-openapi/SKILL.md:67 | |
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/genkin-he/longbridge-openapi/SKILL.md:1 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/genkin-he/longbridge-openapi/SKILL.md:58 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/genkin-he/longbridge-openapi/SKILL.md:67 | |
| MEDIUM | Unpinned or Loosely Pinned Dependency The 'longbridge' dependency is specified with a minimum version (`>=0.2.77`) rather than an exact version. This allows for automatic updates to any future version, including potentially malicious ones if the upstream package repository is compromised. Pinning to an exact version (e.g., `==0.2.77`) or using a lock file is recommended to mitigate supply chain risks. Pin the 'longbridge' dependency to an exact version (e.g., `"longbridge==0.2.77"`) or use a dependency lock file mechanism to ensure deterministic builds and prevent unexpected or malicious updates. | LLM | skill.json:13 |
Scan History
Embed Code
[](https://skillshield.io/report/5f10483e32e229d9)
Powered by SkillShield