Back to skill

Security audit

LinkedIn CLI

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it asks for live LinkedIn session cookies and can print private messages, so users should review the privacy and account-access risk before installing.

Install only if you trust this skill, the linkedin-api dependency, and the machine running it with access to your LinkedIn session. Treat the cookie values like passwords, avoid exposing them in shell history or logs, and consider logging out or rotating the session if they are no longer needed or may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill requires access to sensitive environment variables and network connectivity but does not declare permissions explicitly, reducing transparency around what secrets and capabilities it uses. In this context, the undeclared use is meaningful because the skill authenticates with live LinkedIn session cookies, so users may expose high-value credentials without clear permission signaling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to manually extract `li_at` and `JSESSIONID` session cookies and place them in environment variables without warning that these are effectively bearer tokens for the user's LinkedIn account. This can lead to account takeover, privacy exposure, and unauthorized access if the values are mishandled, logged, reused, or stolen by other local processes.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
This function retrieves private LinkedIn conversations and prints message snippets directly to stdout without any consent prompt, privacy warning, or output redaction. In a shared terminal, logs, demos, or agent-executed environment, this can expose sensitive personal or business communications to unintended viewers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.