Linkedin Bm
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only LinkedIn skill is mostly transparent, but it asks the agent to use your authenticated LinkedIn session or cookie and can act on your account, so it deserves careful review.
Install only if you are comfortable letting the agent access your LinkedIn account. Prefer a dedicated isolated browser session, avoid copying the li_at cookie, review every message or connection action before approval, and sign out or clear the session when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If mishandled, a LinkedIn session cookie or persistent browser session could let the agent or anyone with access to it read messages, view account data, or perform actions as the user.
The skill asks the agent/user to rely on a live authenticated browser profile, a persistent LinkedIn session, or LinkedIn's li_at session cookie. That cookie/session can grant broad account access, while the artifact does not define exact API scope, retention, or deletion controls.
Use `browser` tool with `profile="chrome"` ... Session persists for future use ... extract the `li_at` cookie ... Store securely for API requests
Prefer an isolated browser profile over copying cookies, do not paste or store the li_at cookie unless absolutely necessary, and sign out or revoke sessions after use. The skill should document exact cookie storage, retention, deletion, and API-use boundaries.
A mistaken or poorly supervised browser action could send an unwanted message, connection request, or other LinkedIn interaction.
The browser tool can perform state-changing account actions such as sending messages or connection requests. The instructions do require user confirmation, which makes this purpose-aligned, but users should recognize the impact.
Use browser automation to interact with LinkedIn - check messages, view profiles, search, and send connection requests ... Use `browser action=act` with click/type actions ... Always confirm message content before sending
Require explicit confirmation for every message, connection request, or profile/network mutation, and review the exact text and target before allowing the browser action.
The agent may remain able to access LinkedIn in later sessions unless the user signs out or clears the browser profile.
The artifact discloses persistent authenticated browser state. There is no evidence of hidden background execution, but persistent login state means access can continue across future invocations.
Log in manually (one-time setup) ... Session persists for future use
Use a dedicated isolated profile, periodically clear the session, and sign out when you no longer want the skill to have LinkedIn access.
The mismatch does not show malicious behavior, but it makes it harder to verify who packaged the skill and whether this is the intended listing.
The included _meta.json identifiers differ from the submitted registry metadata, which lists a different owner ID and the slug linkedin-bm. With no source repository or code package, provenance is limited.
"ownerId": "kn7fsrcz4428cmw3xb91h4t4dh7ztjxx", "slug": "linkedin"
Confirm the publisher and listing identity before installing, especially because the skill asks for access to a sensitive LinkedIn session.
