LinkedIn Inbox Manager

Security checks across malware telemetry and agentic risk

Overview

This LinkedIn inbox skill is purpose-aligned but needs review because it can monitor private messages, save screenshots, post message details externally, and send messages from a logged-in account using broad browser-control permissions.

Install only if you are comfortable giving the agent browser-control access to a logged-in LinkedIn account. Use a dedicated browser profile with other sensitive tabs closed, keep the notification channel private, review each draft and its recipient before sending, avoid broad commands such as "send all", and remove scheduled monitoring when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The invocation guidance is broad enough that ordinary user requests about LinkedIn messages could unintentionally activate the skill and trigger inbox scanning or drafting behavior. In a skill that processes private communications and drives UI automation, ambiguous activation increases the chance of unauthorized data access or actions beyond user intent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The startup phrase 'Start LinkedIn inbox monitoring' is generic and lacks scope guards, confirmation requirements, or clear boundaries on what monitoring entails. Because the skill can inspect message content, capture screenshots, and prepare outbound communications, a generic trigger can lead to accidental activation and privacy-impacting automation.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The workflow explicitly captures LinkedIn inbox screenshots, reads conversation content, classifies messages, and posts previews plus drafted responses to an external notification channel, but the skill does not prominently disclose these privacy-sensitive behaviors up front. This can expose private message content, sender identities, and contextual business information to systems or channels that recipients did not expect, increasing confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script captures a screenshot of a LinkedIn conversation and writes it to a predictable location on disk under /tmp without any explicit user warning, consent check, or handling guidance for potentially sensitive message content. LinkedIn inboxes often contain private personal, professional, or confidential data, so persisting screenshots can expose message contents to other local processes, users, backups, or later unintended reuse.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script performs an irreversible send action immediately after typing the message, with no user confirmation, preview, or approval gate. In the context of a LinkedIn inbox automation skill, this increases the risk of unintended outbound messages caused by wrong conversation selection, malformed drafted content, UI focus errors, or prompt/automation misuse, which can lead to reputational damage or disclosure to the wrong recipient.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
Instructing the agent to log all inbox actions in a daily memory file creates a secondary retention channel for potentially sensitive communications, approvals, and message excerpts. Even if operationally useful, persistent natural-language logs can broaden access to private inbox content and increase the blast radius of a later compromise or inadvertent disclosure.

Context Leakage

Severity: High
Category: Data Exfiltration
Content
peekaboo press return --app "Google Chrome"
sleep 3

# Capture the conversation
OUTPUT_PATH="/tmp/linkedin-conversation-$(date +%s).png"
peekaboo see \
    --app "Google Chrome" \
Confidence: 97%
Finding
Capture the conversation
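A hardened form of the two steps flagged above (the predictable /tmp screenshot path shown in the excerpt, and the send that fires with no approval gate), as an added example. This is not the skill's own script and not SkillSpector output; it assumes POSIX sh with mktemp(1), the function names private_capture_path, confirm_send and cleanup_capture are hypothetical, and the peekaboo invocation itself is left to the caller.

```shell
#!/bin/sh
# Added example, not part of the skill. Hypothetical helpers that replace
# OUTPUT_PATH="/tmp/linkedin-conversation-$(date +%s).png" and the
# unconfirmed "peekaboo press return" send step.

# Return a screenshot path inside a fresh, mode-0700 directory whose name is
# not guessable, instead of a world-readable timestamped file under /tmp.
private_capture_path() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/linkedin-capture.XXXXXX") || return 1
    chmod 700 "$dir" || return 1          # mktemp -d already does this; be explicit
    printf '%s/conversation.png\n' "$dir"
}

# Approval gate for the irreversible send. The operator sees the recipient and
# the full draft, and only the exact token SEND on stdin approves; empty input
# (unattended run) or anything else refuses, so the send cannot be triggered
# by an agent that merely "thinks" it was told to send.
confirm_send() {
    recipient=$1
    draft=$2
    printf 'To: %s\nDraft:\n%s\nType SEND to approve: ' "$recipient" "$draft" >&2
    IFS= read -r answer || answer=""
    [ "$answer" = "SEND" ]
}

# Remove the capture directory once the screenshot has been consumed so the
# conversation image does not linger for other local users or backups.
# Refuses to delete anything outside the directory pattern we created.
cleanup_capture() {
    d=$(dirname "$1")
    case "$d" in
        "${TMPDIR:-/tmp}"/linkedin-capture.*) rm -rf "$d" ;;
        *) return 1 ;;
    esac
}
```

Use it by calling `OUTPUT_PATH=$(private_capture_path)` before `peekaboo see`, and wrapping the send as `confirm_send "$recipient" "$draft" && peekaboo press return --app "Google Chrome"`. Because the gate reads from the terminal, a scheduled or headless run gets EOF and the send is refused rather than silently approved.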

VirusTotal

66/66 vendors flagged this skill as clean. A clean antivirus verdict covers only known-malware signatures in the packaged files; it says nothing about the prompt-level and permission-level risks listed in the findings above.