Skill v1.0.0

ClawScan security

LinkedIn Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 16, 2026, 5:13 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code generally matches a browser-driven LinkedIn automation tool, but there are multiple internal inconsistencies and a few practices you should verify before installing (notably browser-debugger/cookie access, local WebSocket endpoints, and mismatched docs vs code).
Guidance
This project appears to implement a browser-based LinkedIn automation tool and mostly does what it says, but you should take these precautions before installing:
- Review and understand the Chrome extension code (extension/background.js and extension/dom_commands.js). The extension requests cookies and debugger permissions, which let it read and manipulate pages in your logged-in LinkedIn session; only install it if you trust the code and author.
- Confirm the correct local WebSocket port: SKILL.md, bridge.py, background.js and bridge_server.py contain contradictory defaults (9335 vs 9336). Verify the bridge URL in your runtime configuration so the CLI, bridge and extension talk to the same port.
- The Python side will download user-specified image URLs to ~/.linkedin-skills/images. If you accept image URLs from others, be aware you are allowing the tool to fetch remote content to your disk.
- The tool auto-launches a local bridge server and may try to open Chrome. Consider running the bridge server manually first (python scripts/bridge_server.py) so you can observe connections.
- Loading an unpacked extension requires you to enable Developer Mode in Chrome. That is a manual step that grants the extension the listed permissions; do not load it unless you have reviewed the extension source.
- If you have stringent security/privacy requirements, prefer not to install code with debugger/cookie access to your browser; instead use an official API integration with explicit credentials.
Given the mismatches between documentation and code and the sensitive browser permissions required, the skill is coherent enough to function but has enough inconsistencies and high-impact capabilities that you should audit the files and the runtime port configuration before use.

Review Dimensions

Purpose & Capability
note
The skill claims to automate LinkedIn using the user's logged-in browser session, and the included Chrome extension plus Python bridge code implements that. Requesting no API keys and using browser cookies is proportionate to the stated purpose. However, the registry metadata (no config paths), SKILL.md (which declares ~/.linkedin-skills/images) and the code comments/docs disagree on the bridge port and other minor details, which suggests sloppy packaging rather than clean alignment.
Instruction Scope
concern
SKILL.md enforces using python scripts/cli.py and a Chrome extension that uses cookies and chrome.debugger to read and manipulate the LinkedIn DOM. That scope is consistent with the purpose, but the runtime instructions contain contradictory details (the SKILL.md text mentions the bridge at ws://localhost:9335 while extension background.js and bridge_server.py use 9336; bridge.py has a default of 9335 but the CLI passes 9336). The doc also asserts 'no external network calls', but the Python image_downloader deliberately fetches user-supplied image URLs and caches them to ~/.linkedin-skills/images (this is disclosed). Because the extension uses chrome.debugger and cookies, it can access and act inside your logged-in LinkedIn session; that is appropriate for automation but high-impact if you don't trust the code.
Install Mechanism
note
The package doesn't include a formal registry install spec, but SKILL.md suggests pip-installing websockets or using 'uv sync' (the uv package manager). That's an expected moderate-risk install path (pulling from PyPI). There's no remote arbitrary archive download in the install instructions. The extension must be loaded unpacked by the user (a manual step), which reduces stealth risk but requires trusting the local extension code.
Credentials
ok
No environment variables or external credentials are requested. The skill requires access to your browser session (cookies) and debugging APIs to operate LinkedIn as your logged-in user; this is proportional to the automation purpose but is sensitive (session access allows acting as you on LinkedIn). The project stores downloaded images under ~/.linkedin-skills/images, which is consistent with its functionality.
Persistence & Privilege
ok
The skill is not marked always:true and does not request to modify other skills. It runs a local WebSocket bridge server and asks you to install a Chrome extension (an explicit user action). Those are normal for this architecture; autonomous agent invocation remains enabled by default but is not itself a new red flag here.