Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LinkedIn Autopilot
v1.1.0
Your agent builds your LinkedIn presence while you sleep. Schedule posts, auto-engage with target accounts, run personalized DM sequences, and never miss an engagement opportunity. Handles connection requests, profile visiting campaigns, post engagement, and follow-up sequences with safety throttling and human-like behavior patterns. Configure your targets, define engagement rules, and let your agent network 24/7. Use when setting up LinkedIn automation, managing posting schedules, running engagement campaigns, or building agent-driven LinkedIn lead generation workflows.
⭐ 0· 1.2k·3 current·3 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (LinkedIn automation) matches the delivered artifacts: shell scripts that perform browser automation, a config example for targeting/posts/sequences, and explicit instructions to provide LinkedIn credentials. Requested env vars (LINKEDIN_EMAIL, LINKEDIN_PASSWORD) are appropriate for browser logins.
Instruction Scope
SKILL.md and the scripts instruct the agent to read/write user config and state under $HOME (e.g., ~/.config/linkedin-autopilot and ~/.clawdbot/secrets.env) and to perform browser actions (login, send DMs, send connection requests). That is expected for this purpose, but note the guidance to store plain credentials in a secrets.env file and the use of platform-specific 'clawd' browser/message actions — these are powerful (they drive your account) and should be used only with credentials you trust to automate.
Install Mechanism
No install spec or external downloads. All code is included as shell scripts. No URLs, package installs, or extracted archives are present, so installation risk is low.
Credentials
Only LINKEDIN_EMAIL and LINKEDIN_PASSWORD are required, which is proportionate. Small inconsistency: SKILL.md/metadata declare env vars, but the setup instructions point users to put credentials in ~/.clawdbot/secrets.env rather than describing how that file is loaded into the environment; the scripts expect environment variables at runtime. No other unrelated credentials are requested.
Persistence & Privilege
The skill persists state under ~/.config/linkedin-autopilot and suggests storing credentials in ~/.clawdbot/secrets.env. It does not request always:true and does not modify other skills. Allowing autonomous invocation (default) means the agent can run these scripts using your credentials — this is normal for skills but increases operational risk (account actions while unattended).
Assessment
This package is coherent with its stated purpose, but take these precautions before installing:
- Credential handling: The skill requires your LinkedIn email and password. Prefer storing them in a secure secret store and ensure ~/.clawdbot/secrets.env (if used) has tight permissions (chmod 600). Understand that providing a password allows the skill to log in and act as you.
- Account risk: Automated actions (DMs, connection requests, mass engagement) can trigger LinkedIn security checks or ToS violations and may result in account restrictions. Start in dry-run mode, use low rate limits, and test with a low-risk account first.
- 2FA and session handling: The config mentions 2FA handling as 'manual_prompt' — be prepared to handle prompts. Confirm how the platform will surface 2FA challenges.
- Reporting channels: The example reporting channel is 'telegram' but no Telegram credentials are provided; configure reporting destinations securely if you enable alerts.
- Autonomy: The skill can be invoked autonomously by the agent (normal default). If you do not want the agent to run unsupervised, disable autonomous invocation or restrict when it can run.
- Review and sandbox: Scripts are mostly placeholders that call platform-specific browser actions ('clawd browser ...'). Review any real automation commands that would be added, and consider running in a controlled sandbox or with a test LinkedIn account first.
If you want further assurance, provide details on how credentials are loaded (how secrets.env is ingested into the environment) or request that the skill be adapted to use a safer auth flow (OAuth or ephemeral sessions) if available.
Like a lobster shell, security has layers — review code before you run it.
latestvk978cmanpbvv1xtxrq3568hwvx80yeta
Runtime requirements
🤝 Clawdis
Env: LINKEDIN_EMAIL, LINKEDIN_PASSWORD
