ClawHub

Linkedin Ads CLI

v1.0.0

LinkedIn Ads data analysis and reporting via linkedin-ads-cli. Use when the user wants to check LinkedIn ad performance, pull campaign analytics with pivot b...

0· 31·0 current·0 all-time
by@bin-huang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (LinkedIn Ads reporting) match the instructions: all commands, entity hierarchy, and authentication relate to the LinkedIn Marketing API and the linkedin-ads-cli tool. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to use the linkedin-ads-cli binary and to obtain a LinkedIn OAuth2 bearer token; it references only the CLI, environment variable LINKEDIN_ADS_ACCESS_TOKEN, and a credentials file under ~/.config/linkedin-ads-cli/credentials.json — all consistent with the stated purpose. The instructions do not ask the agent to read unrelated system files or exfiltrate data.
Install Mechanism
There is no install spec in the skill bundle (instruction-only), which minimizes written-to-disk risk. The doc suggests installing via `npm install -g linkedin-ads-cli`; recommending an npm package is reasonable but does carry the usual npm-package risk (typosquatting/malicious package). The skill itself does not perform installs or fetch arbitrary URLs.
Credentials
The only credential surface is a LinkedIn OAuth2 token (or credentials file). Required OAuth scopes listed are read-only (r_ads, r_ads_reporting, r_organization_social) appropriate for reporting/analytics. No unrelated secrets or multiple external credentials are requested.
Persistence & Privilege
Skill is instruction-only, has no install hooks, and is not always-enabled. It does not request persistent elevated privileges or modifications to other skills or system-wide settings.
Assessment
This skill appears coherent and limited to read-only LinkedIn Ads queries, but take these precautions before installing/using it: 1) Verify the npm package name and publisher (avoid typosquatting) before running `npm install -g linkedin-ads-cli`. 2) Provide an OAuth token with least privilege and scopes needed; prefer a short-lived or revocable token. 3) Store the token in a secure place (environment variable or credential file with restrictive permissions). 4) Confirm the CLI commands you run and review any output before sharing it externally. 5) If you stop using the tool, revoke the token or remove credentials from disk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97egbrxz3mrt4ryzmgx3wbrzs84d9v2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments