LinkedIn CLI

Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill matches its stated LinkedIn CLI purpose, but it handles sensitive LinkedIn session cookies and private account data.

Install only if you are comfortable giving the tool access to your LinkedIn session cookies and allowing it to display profile, feed, and recent message data. Use a trusted machine and Python environment, and log out of LinkedIn to invalidate the cookies if you later decide to stop using it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the environment variables are exposed or the command is run in an unintended context, someone could potentially reuse the LinkedIn session cookies to access the account.

Why it was flagged

The code uses LinkedIn browser session cookies as account credentials. This is disclosed and matches the skill purpose, but these cookies are sensitive and may grant broader account access than the read-only CLI actions shown.

Skill content

```python
li_at = os.environ.get("LINKEDIN_LI_AT")
jsessionid = os.environ.get("LINKEDIN_JSESSIONID")
...
jar.set("li_at", li_at, domain=".www.linkedin.com")
jar.set("JSESSIONID", jsessionid, domain=".www.linkedin.com")
...
return Linkedin("", "", cookies=jar)
```

Recommendation

Only use this in a trusted local environment, avoid sharing logs or shells that contain the cookies, and revoke the session by logging out of LinkedIn if the cookies may have been exposed.

What this means

A compromised or unexpected version of the dependency could receive the LinkedIn session cookies used by this tool.

Why it was flagged

The dependency is installed manually without a pinned version. This is normal for a simple CLI, but the dependency is part of the credential-handling path and should be trusted.

Skill content

Requires the `linkedin-api` Python package:

```bash
pip install linkedin-api
```

Recommendation

Install the dependency from a trusted package source, consider pinning a known-good version, and use an isolated Python environment.