ClawHub

LinkedIn Follow-up

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent broad authority over LinkedIn messages and Google Sheets CRM data, including anti-detection guidance and persistent private conversation logging.

Install only if you intentionally want an agent to operate through your logged-in LinkedIn account and a Google Sheet CRM. Confirm the Sheet ID is yours, restrict sheet sharing, review each recipient and exact message before sending, avoid unattended batch sends, and consider removing or ignoring the anti-detection and local plaintext logging instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to visit LinkedIn feed first for 'anti-detection' before performing automated outreach actions. This is not necessary for CRM management and instead facilitates concealment of automation from LinkedIn's defenses, increasing the likelihood of stealthy policy-violating mass messaging or account abuse.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The dedicated 'Anti-Detection Rules' section gives operational guidance for evading platform monitoring by rate-limiting, spacing messages, and simulating natural behavior. That materially enables stealth automation against a third-party platform and goes beyond the legitimate purpose of tracking outreach in a sheet.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The Mode 1 trigger examples are broad enough that ordinary user statements about a contact replying could activate sheet updates without strong confirmation or scoping. In a skill that modifies CRM records, loose activation boundaries can lead to unintended data changes, status corruption, or acting on the wrong lead.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The Mode 2 phrases like 'Follow up with Rishabh' are common natural-language requests that can trigger a workflow involving live thread scraping, message drafting, and sending. Because this skill can access conversation content and transmit outbound messages, ambiguous activation increases the risk of unintended privacy exposure or unauthorized communications.

Vague Triggers

Low
Confidence
77% confidence
Finding
The Batch Review activation phrases are vague and could match general requests about outreach, causing the skill to enumerate CRM entries and suggest actions without sufficiently clear intent. While less severe than auto-send behavior, this can still expose contact data or initiate an unintended review workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow explicitly extracts entire LinkedIn message threads from the DOM and returns them as structured JSON, which exposes private communications to the agent runtime without any minimization, consent check, or warning. In this skill’s context, that data is then used for downstream processing and response generation, increasing the chance of over-collection, unintended retention, or disclosure of sensitive personal or business information contained in DMs.

Missing User Warnings

High
Confidence
98% confidence
Finding
The workflow instructs exporting message previews and full conversation logs from LinkedIn into Google Sheets, creating a secondary datastore of private communications outside the original platform. This materially increases exposure because sensitive messages may now be retained, shared, misconfigured, or accessed by additional users and tools, with no consent prompt, retention limit, or data-handling warning.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal