Back to plugin

Security audit

LinkedIn API

Security checks across malware telemetry and agentic risk

Overview

The package appears to be a coherent ClawHub registry client whose file, network, token, and install behaviors match its stated purpose.

Install if you want a CLI that can manage ClawHub skills and OpenClaw packages. Review commands before using publish, delete/moderation, token-printing, or force-install options, and protect the stored ClawHub token like any other API credential.

VirusTotal

58/58 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
index.js:231
Evidence
const apiKey = [REDACTED] || readAgntConfig()?.apiKey