LinkedIn Scraper
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: linkedin-scraper Version: 1.0.0 The OpenClaw skill 'linkedin-scraper' is designed to scrape public LinkedIn profile data using the user's authenticated Chrome browser session and store it locally in a DuckDB workspace. The `SKILL.md` explicitly outlines defensive measures against LinkedIn's rate limits and bot detection, and critically, includes a 'Safety' section that instructs the AI agent to 'Never scrape private/restricted profiles', 'Respect LinkedIn's robots.txt', and 'Store data locally only (DuckDB) — never exfiltrate'. There is no evidence of prompt injection for malicious purposes, data exfiltration, unauthorized execution, persistence mechanisms, or obfuscation. The instructions are clear and align with the stated purpose, making it a benign tool for user-assisted data collection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your LinkedIn account could be rate-limited, challenged, restricted, or associated with automated scraping of other people's profile data.
The skill directs browser automation to scrape LinkedIn profiles in bulk and includes explicit anti-detection behavior, which is materially risky even though it also says to stop on CAPTCHA.
Search + Bulk Scrape ... For each profile URL: open → snapshot → parse full profile ... Maximum 80 profiles per session ... Randomize delays between 3-8 seconds (avoid detection) ... Stealth Patterns
Do not use stealth/avoid-detection scraping workflows. Require explicit per-run approval, strict limits, and prefer official, terms-compliant APIs or exports.
Actions and access may be attributed to your LinkedIn account, and your logged-in browser session is used for bulk data collection.
The skill relies on the user's authenticated browser session rather than a scoped API credential, so automation runs with the user's LinkedIn account access.
Scrape LinkedIn profiles and search results using the user's authenticated Chrome browser session. No API keys needed — uses the browser tool with the Chrome profile relay.
Use a dedicated/sandboxed browser profile if used at all, declare this session dependency clearly, and require user confirmation before any authenticated browsing or scraping.
Scraped names, jobs, education, locations, and profile URLs may remain in your local workspace and be reused in later workflows.
The skill can persist scraped LinkedIn profile and lead data in a local workspace database, which is purpose-aligned but creates retained personal-data records.
Return structured JSON or insert into DuckDB ... Batch insert into DuckDB ... INSERT INTO v_leads
Set clear retention, deletion, and access rules for any saved lead data, and avoid storing information you are not allowed to collect or keep.
You have limited external provenance information to judge who authored the scraping instructions or whether they align with your policies.
There is no executable package to inspect, which limits install-time risk, but provenance is unclear for a skill that requests sensitive browser-session automation.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the skill text carefully before use and prefer skills from known sources for workflows involving authenticated accounts.