Linkedin Cli

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a LinkedIn posting helper, but its documentation also exposes a post-deletion command while saying it is only for posting.

Review before installing. Only use this with a LinkedIn account where you are comfortable granting post management authority, and require explicit user confirmation before any delete action. The publisher should clarify the documentation or remove the delete command if the skill is meant to be posting-only.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill metadata and description repeatedly characterize the tool as 'posting only,' but the documented command set includes `linkedin-cli delete`, which is a destructive capability. This mismatch can mislead an agent or reviewer into granting the skill broader trust than intended, increasing the chance of unauthorized or accidental deletion of LinkedIn content.

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The documentation explicitly states the tool is 'for posting only' and cannot do more than posting, yet it immediately documents a delete command. This is a high-risk integrity issue because an autonomous system may rely on the natural-language safety boundary and invoke a destructive operation that operators did not expect the skill to possess.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal