Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LinkedIn Bulk Connect
v1.1.0
Send LinkedIn connection requests to a list of people via browser automation and track status in a CSV/TSV file. Use when the user wants to bulk-connect with a list of people on LinkedIn (founders, speakers, leads, etc.) from a spreadsheet or list containing LinkedIn profile URLs. Handles Connect button, Follow-mode profiles, already-connected detection, stale URL fallback via LinkedIn search and Google search, and incremental status tracking.
by @10madh
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the runtime instructions: the SKILL.md and reference file give step-by-step browser automation to open profiles, click Connect/Invite, and write per-profile status into a CSV/TSV. There are minor mismatches: the README includes a short Python snippet for adding a column but the skill declares no required binaries or runtime — this is a small documentation gap (not a functional contradiction).
Instruction Scope
The instructions explicitly direct the agent to control the user's browser (navigate, click, take snapshots) and to read/write the user's TSV/CSV file. That is expected for this purpose, but it means page snapshots will capture profile content and the agent will act using the user's authenticated LinkedIn session. The workflow also instructs performing Google searches from the LinkedIn tab and repeatedly visiting the feed to evade LinkedIn detection — these are operational choices that have privacy and account-safety implications but are within the skill's stated scope.
Install Mechanism
This is an instruction-only skill with no install spec and no downloaded code; that is the lowest install risk. It does require the user to install/enable an OpenClaw Browser Relay Chrome extension for one recommended mode, which is a separate trust decision outside the skill bundle.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. However, it relies on an already-authenticated browser tab (cookies/session) and optionally an extension (Browser Relay) that has access to browsing context — effectively the skill will act with your LinkedIn account privileges. This is expected for a browser-automation connector but is an important privacy/credential consideration.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modify other skills' configurations. It runs only when invoked and uses the browser tooling invoked during the session.
Assessment
Before installing/using: (1) Understand this will act using your logged-in LinkedIn session (no explicit API key is required) — the browser-relay extension or OpenClaw-managed browser must be trusted because it can access your pages and cookies. (2) Automating connection requests can trigger LinkedIn detection and may violate LinkedIn policies; test on a spare account and keep conservative rates. (3) Back up the CSV/TSV before running (the skill reads/writes it). (4) Review and consent to any outreach you send on behalf of your account; avoid scraping or sending to people who did not opt in. (5) The README includes a Python snippet to update files but does not declare a Python requirement — ensure your runtime can safely run any local helper code before executing it.
Like a lobster shell, security has layers — review code before you run it.
