Back to skill
Skillv0.1.0
VirusTotal security
Linkedin Cli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:58 AM
- Hash
- e9549d270c000bca79b56371a25d77c502b208925d02b43ecc28046693493792
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: linkedin-cli-2 Version: 0.1.0 The skill is classified as suspicious due to its reliance on installing an external npm package from a GitHub repository (`github:0xmythril/linkedin-cli`) via `npm install -g` as specified in `SKILL.md`. While the installation is pinned to a specific version and the skill's documentation claims the package is secure with no postinstall scripts or telemetry, installing external dependencies from a remote source introduces a supply chain risk. This constitutes a risky capability without clear malicious intent, aligning with the 'suspicious' classification threshold.
- External report
- View on VirusTotal