Security checks across malware telemetry and agentic risk
Overview
The skill is transparent about LinkedIn automation, but it relies on logged-in browser sessions and optional session-cookie handling that could give broad account access without clear storage or scope controls.
Review this skill carefully before use. It is coherent for LinkedIn automation, but only install it if you are comfortable with the agent seeing LinkedIn pages/messages and potentially acting in your account. Avoid the session-cookie method unless absolutely necessary, and require explicit approval before any message, connection request, acceptance, or other account-changing action.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent workflow with access to that cookie could potentially act as the user on LinkedIn until the session is revoked or expires.
`li_at` is a LinkedIn session credential. The skill asks for session-token handling but does not specify a bounded storage mechanism, API scope, expiry, or revocation process.
If browser relay isn't available, extract the `li_at` cookie from browser ... Copy `li_at` value ... Store securely for API requests
Prefer the manual browser login/relay path over copying cookies. If a cookie is used, keep it out of chat history, store it only in a trusted secret store, and log out or revoke the session after use.
Mistaken or insufficiently reviewed browser actions could send unwanted messages or change the user's LinkedIn network.
The browser tool can perform account-changing LinkedIn actions, but the skill does instruct confirmation before messages and connection actions.
Use `browser action=act` with click/type actions ... Always confirm message content before sending ... Never accept/send connection requests without confirmation
Require a final explicit user confirmation for every outgoing message, connection request, acceptance, or other account-changing action.
The agent may see sensitive LinkedIn messages, notifications, profile details, or contact information during normal use.
Browser snapshots of LinkedIn messages and notifications can place private professional communications into the agent's context.
View Notifications/Messages ... `browser action=navigate profile=chrome targetUrl="https://www.linkedin.com/messaging/"` ... `browser action=snapshot profile=chrome`
Use this only for threads and profiles you are comfortable exposing to the agent, and treat message/profile text as untrusted content that should not override user instructions.
