longbridge-dca

Warn

Audited by Snyk on May 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to execute real brokerage transactions. It provides mutating commands to create/update/pause/resume/stop recurring investment (DCA) plans that "commit real money on a schedule" and will "automatically place buy orders" from the user's brokerage account. The SKILL lists concrete CLI invocations for create/update/pause/resume/stop (e.g., longbridge dca create <SYMBOL> --amount <N> --frequency ...), requires the OAuth "trade" scope, and even describes MCP write tools such as mcp__longbridge__create_dca_plan. These are specific, non-generic financial execution operations (sending orders/transactions), not generic tooling. Therefore it meets the criteria for Direct Financial Execution.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 25, 2026, 12:26 PM
Issues
2
Security Audit — snyk — longbridge-dca