AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the agent could post public LinkedIn content or alter LinkedIn advertising-related resources.
The skill exposes LinkedIn actions that can publish content or change business/account state. This is purpose-aligned, but high-impact actions require careful user confirmation.
Share posts, manage advertising campaigns, retrieve profile and organization information, upload media, and access the Ad Library.
Approve only specific, user-requested write actions and review the exact post, campaign, account, and intended effect before execution.
Anyone or any agent action with this key may be able to access LinkedIn resources available through the connected Maton account.
The skill requires a sensitive Maton API key that delegates access to managed LinkedIn OAuth connections. This is expected for the integration, but it is privileged account access.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the Maton API key securely, rotate it if exposed, and connect only the LinkedIn accounts and permissions needed.
LinkedIn request data and responses may be processed through Maton's service before reaching LinkedIn.
LinkedIn API requests and OAuth handling pass through the Maton gateway. This is disclosed and central to the managed OAuth design, but users should understand the third-party data path.
Maton proxies requests to `api.linkedin.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton as an OAuth/API gateway and review Maton's account, connection, and privacy settings.