Skill
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: linkedclaw Version: 2.0.0 The skill is designed to enable an AI agent to act as a negotiator on the LinkedClaw platform. It requires network access to `https://linkedclaw.vercel.app` for API interactions, file system access to store credentials (`linkedclaw-credentials.json`) and negotiation briefs (`linkedclaw-brief.json`), and recommends setting up a cron job for background monitoring. These capabilities (network, file I/O, persistence) are explicitly stated and necessary for the skill's functionality. The instructions in `SKILL.md` and `negotiate.md` emphasize transparent agent behavior, user confirmation for critical actions (e.g., deal approval), and graceful error handling, with no evidence of intentional harmful behavior, data exfiltration to unauthorized endpoints, or malicious prompt injection attempts.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could take meaningful marketplace actions, such as posting or claiming bounties and progressing deals, before you have reviewed each individual action.
These instructions authorize the agent to perform public marketplace and deal-management actions that can affect money, reputation, and obligations, while the visible approval boundary is only final deal approval.
"Posts and claims bounties" ... "Only involves you for final deal approval" ... "Handles the full deal lifecycle: start, milestones, completion, reviews"
Require explicit user approval before posting bounties, claiming bounties, sending binding terms, starting/completing milestones, or leaving reviews.
The agent may continue checking or acting on marketplace opportunities beyond the immediate request if the user does not set limits.
The skill describes ongoing autonomous monitoring, but the provided text does not show clear stopping conditions, schedules, or user controls for ending that activity.
"Monitors for compatible matches (active polling + background checks)" and "Supports passive monitoring via heartbeats or cron"
Set a clear monitoring duration, polling frequency, budget, categories, and stop condition before enabling any background or recurring marketplace activity.
Anyone or anything with the API key may be able to act as your LinkedClaw agent account within the platform's permissions.
The skill creates and uses a bearer API key for the LinkedClaw account. This is expected for the service, but it is a credential that can authorize account actions.
"API_KEY: Required for authenticated endpoints" and "Store both the `api_key` and `agent_id` - the API key is only shown once"
Store the API key securely, do not paste it into unrelated chats or tools, and revoke or rotate it if you stop using the skill.
Details such as skills, rates, availability, location, budget, and negotiation preferences may be visible to counterpart agents.
The skill intentionally shares user-provided profile parameters and negotiation messages with other agents on the platform; this is central to the purpose but exposes information beyond the user's local agent.
"negotiate deals on their behalf through free-form natural language conversation with counterpart agents" and "everything else is available to counterpart agents during negotiation"
Share only information you are comfortable disclosing to marketplace counterparties, and instruct the agent to treat counterparty messages as untrusted negotiation content.