Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LinkedIn Inbox Manager

v0.1.0

LinkedIn inbox management with scheduled scanning, auto-draft responses following user's communication style, and approval workflows. Use when monitoring LinkedIn messages, drafting replies, managing inbox during off-hours, or setting up morning ping summaries of LinkedIn activity.

0· 2.1k·5 current·5 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md and scripts clearly require macOS, the Peekaboo CLI, and jq (peekaboo commands and JSON parsing), but the registry metadata lists no required binaries or platform restriction. That mismatch is incoherent: an inbox automation skill legitimately needs UI automation tools, but the package metadata should declare those dependencies and the macOS requirement.
Instruction Scope
The instructions capture annotated screenshots of the browser and read message history and USER.md to build a style profile, which the stated drafting feature does need. However, the macOS Screen Recording and Accessibility permissions this requires let the skill capture any on-screen content, not just LinkedIn, and the scripts write screenshots and JSON to /tmp. The SKILL.md safety rules require explicit approval before anything is sent, but that is an instruction-level policy: it holds only if the agent enforces it correctly.
Install Mechanism
There is no install spec (instruction-only with included scripts). That reduces supply-chain risk (nothing downloaded at install time). The included scripts run locally and rely on existing tools rather than fetching remote code.
Credentials
No environment variables or external credentials are requested (good), but the skill requires granting macOS screen-recording and Accessibility privileges to peekaboo — high-scope permissions that can expose unrelated sensitive data. The manifest also fails to declare required binaries (peekaboo, jq), and the config references external notification channels (discord/#linkedin) without showing how messages are posted — this could lead to accidental exfiltration if notifications are routed externally.
Persistence & Privilege
always:false and user-invocable:true (default) — the skill does not request forced persistent inclusion or system-wide changes to other skills. Note: agent autonomous invocation is allowed by default; combined with granted screen-capture permissions, autonomous runs would have a larger blast radius if misconfigured, but that alone is not grounds for blocking.
What to consider before installing
Before installing:
1) Confirm you are comfortable granting Peekaboo Screen Recording and Accessibility access; these let the skill capture any on-screen content, not just LinkedIn.
2) Ensure the agent enforces the 'require approval' safety rule in practice (test in dry-run mode).
3) Add or verify metadata: declare the required binaries (peekaboo, jq) and the macOS-only platform restriction.
4) Inspect where screenshots and JSON are stored and for how long (the scripts write to /tmp); consider changing the paths and retention.
5) Verify how notifications are delivered (Discord or other) so private message contents aren't posted to external channels unintentionally.
6) Run initial scans with a non-sensitive account or while logged out to confirm behavior.
If you can't confirm these, treat the skill as high-risk and avoid installing it on machines with sensitive open documents or accounts.
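An added example, not ClawHub's scanner and not the skill's own code, that automates points 3, 4 and 5 of the checklist above: it greps a skill package for watchlisted tools the scripts invoke but the manifest does not declare, for script lines touching /tmp, and for lines that could send data off-host. The package layout it expects (SKILL.md, a scripts/ directory, a manifest.json with a "binaries" array) and the sample package it builds in a temporary directory are assumptions constructed for the demonstration; the peekaboo invocations in the sample are illustrative placeholders, not the real skill's script.

```shell
#!/bin/sh
# Pre-install audit for a skill package (added example; not ClawHub's scanner
# and not the skill's own code). Assumed layout: SKILL.md, scripts/, and a
# manifest.json carrying a "binaries" array of declared required tools.

# Tools worth declaring or explaining when a script calls them.
WATCHLIST="peekaboo jq osascript screencapture curl"

# Watchlisted tools that SKILL.md or any script invokes, one per line, sorted.
used_binaries() {
  for tool in $WATCHLIST; do
    grep -qw "$tool" "$1"/scripts/* "$1/SKILL.md" 2>/dev/null && echo "$tool"
  done | sort -u
}

# Tools the manifest's "binaries" array declares (empty if the array is empty).
declared_binaries() {
  grep -o '"binaries"[[:space:]]*:[[:space:]]*\[[^]]*\]' "$1/manifest.json" 2>/dev/null \
    | grep -o '"[^"]*"' | tr -d '"' | grep -vx binaries | sort -u
}

# The metadata mismatch: tools the scripts need but the manifest omits.
undeclared_binaries() {
  declared=$(declared_binaries "$1")
  for tool in $(used_binaries "$1"); do
    printf '%s\n' "$declared" | grep -qx "$tool" || echo "$tool"
  done
}

# Script lines that read or write under /tmp (screenshots and JSON dumps of an
# Accessibility-enabled session may contain more than LinkedIn).
tmp_writes() {
  grep -n '/tmp/' "$1"/scripts/* 2>/dev/null || true
}

# Script lines that could send data off-host: curl, URLs, webhooks.
external_sinks() {
  grep -nEi 'curl|https?://|webhook' "$1"/scripts/* 2>/dev/null || true
}

audit_skill() {
  printf 'Undeclared binaries: %s\n' "$(undeclared_binaries "$1" | tr '\n' ' ')"
  printf 'Lines touching /tmp:\n%s\n' "$(tmp_writes "$1")"
  printf 'Possible external sinks:\n%s\n' "$(external_sinks "$1")"
}

# Constructed sample mirroring this page's findings: scripts call peekaboo and
# jq and write to /tmp, a notification goes out via a webhook, and the manifest
# declares no binaries. The peekaboo flags are illustrative placeholders.
make_sample_skill() {
  dir=$(mktemp -d)
  mkdir -p "$dir/scripts"
  printf '%s\n' '# LinkedIn Inbox Manager' 'Requires macOS, the Peekaboo CLI and jq.' > "$dir/SKILL.md"
  printf '%s\n' '{ "name": "linkedin-inbox-manager", "binaries": [] }' > "$dir/manifest.json"
  cat > "$dir/scripts/scan.sh" <<'EOF'
#!/bin/sh
peekaboo image --path /tmp/linkedin.png
peekaboo see | jq '.elements' > /tmp/linkedin.json
EOF
  cat > "$dir/scripts/notify.sh" <<'EOF'
#!/bin/sh
curl -s -X POST "$WEBHOOK_URL" -d @/tmp/summary.json
EOF
  echo "$dir"
}

# Usage: sh audit.sh /path/to/skill   (no argument audits the constructed sample)
if [ -n "${1:-}" ]; then
  audit_skill "$1"
else
  sample=$(make_sample_skill)
  audit_skill "$sample"
  rm -rf "$sample"
fi
```

Run against the real package with `sh audit.sh /path/to/skill` before granting any permissions; an empty "Undeclared binaries" line and no surprise sinks are what a coherent manifest should produce, and anything under "Lines touching /tmp" is where to set a retention policy or move the output under a directory only the agent's user can read.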

Like a lobster shell, security has layers — review code before you run it.

latest: vk971kjbyczwk6kzsycbj1xj5397zzw7j
