ClawHub

Linkedin Bm

Security checks across malware telemetry and agentic risk

Overview

This LinkedIn automation skill is mostly transparent, but it asks users to copy and store a powerful LinkedIn session cookie without enough safeguards.

Use the browser relay or isolated browser login flow rather than copying cookies. Install only if you are comfortable letting an agent operate a logged-in LinkedIn session, and require explicit review before any message, connection request, or repeated account action. Avoid sharing or pasting li_at into chat or logs; if exposed, log out of LinkedIn sessions and rotate credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The skill description is broad enough to invite use for multiple LinkedIn actions without clearly constraining when and how it should be invoked. In an automation context tied to messaging, profile viewing, and network actions, vague triggering increases the chance of unintended outreach, scraping, or other sensitive account actions being initiated under ambiguous user requests.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions tell users to extract the `li_at` session cookie, which is effectively an authentication credential, but do not clearly warn that possession of this value can grant full account access and may violate platform policies. Encouraging manual extraction and reuse of a live session token materially increases the risk of credential theft, account takeover, insecure storage, and accidental exposure to logs or third parties.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal