LinkedIn DM
v1.0.0Send personalized LinkedIn direct messages to a list of existing 1st-degree connections via browser automation. Use when the user wants to message LinkedIn connections with AI-personalized outreach — e.g. nurturing leads, following up after events, reconnecting with contacts, or announcing something. Takes a data file (CSV/TSV) or plain list with connection names and companies, asks for outreach context/goal, generates a tailored message per person, and sends each one via browser automation. Handles message compose flow, character limits, and incremental status tracking.
⭐ 1· 808·6 current·6 all-time
by@10madh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's name/description align with its instructions: it personalizes and sends LinkedIn DMs via browser automation. However the SKILL.md relies on external tooling and browser profiles (a Chrome relay extension or OpenClaw-managed browser, and the 'gog' CLI for Google Sheets) that are not declared in the registry metadata (required binaries/env/config). That mismatch between claimed requirements and actual instructions is an inconsistency.
Instruction Scope
The runtime instructions direct the agent to navigate to and snapshot the sender's LinkedIn profile (/in/me/) and to snapshot each connection's profile to extract personal details (career history, education, posts). It also mandates navigating to /feed/ before every profile (explicitly to reduce automation detection). The skill instructs running JavaScript in the page to click Send and to append rows to Google Sheets with 'gog'. These actions access and collect sensitive personal data and perform outbound actions on the user's authenticated session; they are within the described purpose but broaden the scope of data accessed and include behavior (avoiding detection) worth noting.
Install Mechanism
There is no install spec (instruction-only), which is low-risk in itself. However the SKILL.md expects the 'gog' CLI to be available/authenticated and a browser relay extension or an OpenClaw-managed browser profile to be attached — none of these are listed in required binaries or install metadata. The absence of declared dependencies makes it unclear what the agent will actually need to run and may lead to hidden preconditions or ad-hoc user prompts at runtime.
Credentials
The registry lists no required credentials or env vars, but the skill relies on your authenticated LinkedIn browser session and on Google access via the 'gog' CLI (gog auth). It also writes progress to a local file (linkedin_dm_progress.json) and appends rows to Google Sheets. Requesting/using your LinkedIn session cookies and Google sheet access is proportionate to sending messages and logging results, but the metadata should declare these needs. The skill asks for broad read access to profile and connections data (sensitive); ensure you accept that level of access before use.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not modify other skills. It will write per-run logs locally and append to a Google Sheet. A remaining risk is operational: autonomous invocation of this skill (the platform default) would allow it to send messages on your behalf; because the skill can send many messages, users should verify invocation controls and approvals before enabling autonomous runs.
Scan Findings in Context
[regex-scan-none] expected: No code files were present so the regex-based scanner had nothing to analyze. This is expected for an instruction-only skill, but it means the SKILL.md is the primary surface to review.
What to consider before installing
This skill will read your LinkedIn profile and connection profiles, compose personalized messages, and send them using your logged-in browser session; it will also append rows to a Google Sheet (via the gog CLI) and write a local progress file. Before installing/using it: 1) Confirm you trust the skill source — it is listed as 'unknown' with no homepage. 2) Ensure required tools exist: the SKILL.md expects a browser relay/extension or OpenClaw-managed browser and the 'gog' CLI (authenticated). The registry metadata does not declare these, so be prepared to install/authorize them manually. 3) Test on a small set or a test account to validate behavior (and to avoid accidental bulk messaging). 4) Review permissions and OAuth scopes for any Google/CLI authentication and be aware messages will be sent from your account. 5) Consider compliance and spam policies — the skill includes explicit guidance to avoid detection (navigate to feed before each profile) which increases operational risk. If you cannot verify the extension/relay code or the provenance of this skill, avoid granting it access to your real LinkedIn account or Google Sheets.Like a lobster shell, security has layers — review code before you run it.
latestvk971wj93zw61211tckk2f3vxqx812tc4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.