LinkedIn

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If mishandled, the cookie could allow reading or acting as the user on LinkedIn, including messages and network actions.

Why it was flagged

`li_at` is a LinkedIn session cookie that can authenticate account access. The artifact does not define where it is stored, how long it is retained, what API requests are allowed, or how the user can revoke/clean it up.

Skill content

extract the `li_at` cookie from browser ... Copy `li_at` value ... Store securely for API requests

Recommendation

Prefer the browser-based workflow over copying cookies. If cookies are used, require explicit user consent, store them only in a defined secure location, limit use to the requested task, and provide deletion/revocation guidance.

What this means

A mistaken or insufficiently reviewed action could send unwanted messages or connection requests from the user's LinkedIn account.

Why it was flagged

The skill can drive LinkedIn UI actions that send messages or connection requests from the user's account. The instructions do require confirmation, so this is purpose-aligned but still high-impact.

Skill content

Send Message (confirm with user first!) ... Use `browser action=act` with click/type actions ... Never accept/send connection requests without confirmation

Recommendation

Only use this skill interactively, review recipients and message text before approval, and avoid bulk or rapid automation.

Note

High Confidence

ASI10: Rogue Agents

What this means

LinkedIn may remain accessible to the agent after the initial task unless the user signs out or clears the browser profile/session.

Why it was flagged

The skill discloses persistent browser login state, which is common for browser automation but means future invocations may still have access to the LinkedIn account.

Skill content

Log in manually (one-time setup) ... Session persists for future use

Recommendation

Use an isolated browser profile when possible and clear the session when you no longer want the agent to access LinkedIn.