LinkedIn Bulk Connect

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about bulk LinkedIn outreach, but it controls a logged-in account to send real connection requests and includes explicit anti-detection instructions.

Install only if you are comfortable with an agent operating your logged-in LinkedIn session and sending bulk connection requests from your account. Use small reviewed batches, confirm each recipient or batch before sending, keep a backup of the spreadsheet, avoid confidential lead lists, and do not use the anti-detection workflow to bypass LinkedIn warnings, limits, or platform rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description is broad enough to match generic outreach or prospecting requests, which can cause the agent to invoke bulk LinkedIn automation in contexts where the user did not explicitly ask for platform automation. In this skill, that risk is heightened because the behavior performs external actions on a third-party account and includes anti-detection guidance, so accidental invocation can lead to unintended account activity and policy-violating automation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to modify the user's CSV/TSV by adding a new column and rewriting the file, but it does not require an explicit user-facing warning or confirmation immediately before making that change. This is dangerous because it can alter source data, break formatting or downstream workflows, and overwrite files in a bulk-action workflow where the user may not expect destructive edits.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill directs the agent to create a 'linkedin_progress.json' sidecar file without clearly disclosing that an additional artifact will be written to disk. Even though the file is low sensitivity, undisclosed persistence can surprise users, leak operational metadata, and clutter or interfere with directory contents and automation pipelines.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The workflow automates repeated LinkedIn connection requests and does so without any explicit user-facing warning about account restrictions, anti-automation enforcement, privacy implications, or consent expectations for outreach targets. In a skill specifically designed for bulk social-network actions, omission of these warnings increases the chance of misuse and exposes users to platform sanctions and recipients to unwanted automated contact.

Ssd 4

Medium

Confidence: 99% confidence
Finding: This workflow does more than automate navigation: it explicitly instructs the agent to avoid detection by routing through the feed between profiles, waiting fixed intervals, reusing tabs, and using fallback search paths to continue sending requests. Those are anti-detection and resilience techniques that materially enable evasive bulk automation against a third-party platform, increasing the likelihood of policy circumvention at scale.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal