ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Linkedin Monitor

Bulletproof LinkedIn inbox monitoring with progressive autonomy. Monitors messages hourly, drafts replies in your voice, and alerts you to new conversations. Supports 4 autonomy levels from monitor-only to full autonomous.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.8k · 2 current installs · 2 all-time installs
by@dylanbaker24
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims browser-based monitoring and drafting replies. The repo contains both a browser-based cron payload and an API-path (scripts/lk.py) that requires LinkedIn session cookies. Registry metadata declared no required credentials, but the code clearly needs LINKEDIN_LI_AT and JSESSIONID (or a credentials.json). Also the repository contains no explicit implementation that sends replies — draft generation and sending are implicit/expected to be performed by the agent/Clawdbot, which is not documented as a required piece. These omissions/inconsistencies reduce confidence that the requested resources align cleanly with the stated purpose.
!
Instruction Scope
Runtime instructions and code instruct the operator/agent to extract LinkedIn cookies from the browser devtools and save them to ~/.clawdbot/linkedin-monitor/credentials.json (or set environment variables). That is sensitive (session tokens). Scripts read/write state, logs, drafts, and config under ~/.clawdbot — expected for a monitor, but the SKILL.md and scripts also rely on an external Clawdbot messaging system to post alerts to channels (Discord/Telegram/Slack/WhatsApp/Signal). Draft creation is described in prose, but no local code calls an LLM to generate drafts; draft content appears to be expected from the Clawdbot agent that consumes the monitor output. The instructions also tell users to keep a browser profile open 24/7. Overall the scope includes collecting and storing session tokens and message content and sending them to external alert channels, which is coherent for a monitor but sensitive and not fully explicit in the registry metadata.
Install Mechanism
There is no installer that downloads code at runtime — the skill is instruction-plus-scripts. package.json exists but there's no install spec that pulls arbitrary URLs; dependencies referenced are standard (linkedin-api python package, jq, optional 'lk' npm package). No remote, unvetted archive downloads or URL-shortened installers were found.
!
Credentials
The registry metadata lists no required environment variables or primary credential, yet scripts/lk.py requires LINKEDIN_LI_AT and LINKEDIN_JSESSIONID (or a credentials.json). That mismatch is a red flag: the skill needs sensitive LinkedIn session cookies to function but does not declare them in its manifest. The scripts persist credentials in plaintext under the user's home directory. The skill also expects a browser profile logged-in to LinkedIn and a channel ID for alerts (Discord/other). The number and sensitivity of required secrets (LinkedIn session cookies) are significant and should be explicitly declared and justified in the metadata.
Persistence & Privilege
The skill is not configured always:true and thus is not force-included. It can be invoked autonomously (platform default). Because it needs LinkedIn session credentials and can operate on a schedule (cron), autonomous invocation increases its blast radius — review autonomy-level controls before enabling auto-reply modes. The skill does not modify other skills or system-wide configs, and state is kept under its own ~/.clawdbot path.
What to consider before installing
This skill can monitor LinkedIn, but proceed cautiously: - Credentials: The code expects LinkedIn session cookies (li_at and JSESSIONID) though the registry metadata doesn't declare them. These are sensitive session tokens — only supply them if you trust the code and the Clawdbot runtime. Prefer short-lived/test tokens and rotate them after testing. - Storage: Credentials are saved in plaintext to ~/.clawdbot/linkedin-monitor/credentials.json by lk.py; consider securing that file (strict permissions) or avoid persistent storage by using environment vars temporarily. - Drafting and sending: The README/SKILL.md promise drafting replies in your voice and autonomous reply levels, but the repository contains no explicit LLM-call that generates drafts or any implementation to send messages. Draft generation appears to be expected to happen on the agent/Clawdbot side when it processes monitor output. Verify where drafts are created and how 'send' actions are executed before enabling autonomous modes (especially Level 2/3). - Autonomy: Keep the skill in monitor-only or draft+approve mode while you audit behavior. Enabling full autonomous replies (Level 3) before you confirm where drafts are generated and how sends are executed is risky. - Channel outputs: Alerts are delivered via Clawdbot messaging to external channels (Discord, Telegram, Slack, WhatsApp, Signal). Confirm that Clawdbot's outbound integration to those services is configured securely and that you trust those channels to receive message content. - Compliance and TOS: Extracting and reusing LinkedIn cookies may violate LinkedIn terms of service. Confirm you accept that risk. What would change this assessment: if the registry metadata were corrected to declare the required LinkedIn credentials, if credential storage were encrypted or optional, and if the skill included an explicit, auditable component that generates drafts and performs sends (or clearly documented that the agent will produce drafts and that sends require explicit operator approval).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0
Download zip
latestvk9769frjajj93cjpqf80rhpwdx8029s4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

LinkedIn Monitor

Reliable LinkedIn inbox monitoring for Clawdbot.

Features

  • Hourly monitoring — Checks inbox every hour, 24/7
  • Deterministic state — No duplicate notifications, ever
  • Progressive autonomy — Start supervised, graduate to autonomous
  • Health checks — Alerts when auth expires or things break
  • Your voice — Drafts replies using your communication style

Quick Start

# 1. Setup (interactive)
linkedin-monitor setup

# 2. Verify health
linkedin-monitor health

# 3. Run manually (test)
linkedin-monitor check

# 4. Enable cron (hourly)
linkedin-monitor enable

Autonomy Levels

LevelNameBehavior
0Monitor OnlyAlerts to new messages only
1Draft + ApproveDrafts replies, waits for approval
2Auto-Reply SimpleAuto-handles acknowledgments, scheduling
3Full AutonomousReplies as you, books meetings, networks

Default: Level 1 — Change with linkedin-monitor config autonomyLevel 2

Commands

linkedin-monitor setup      # Interactive setup wizard
linkedin-monitor health     # Check auth status
linkedin-monitor check      # Run one check cycle
linkedin-monitor enable     # Enable hourly cron
linkedin-monitor disable    # Disable cron
linkedin-monitor status     # Show current state
linkedin-monitor config     # View/edit configuration
linkedin-monitor logs       # View recent activity
linkedin-monitor reset      # Clear state (start fresh)

Configuration

Location: ~/.clawdbot/linkedin-monitor/config.json

{
  "autonomyLevel": 1,
  "alertChannel": "discord",
  "alertChannelId": "YOUR_CHANNEL_ID",
  "calendarLink": "cal.com/yourname",
  "communicationStyleFile": "USER.md",
  "timezone": "America/New_York",
  "schedule": "0 * * * *",
  "morningDigest": {
    "enabled": true,
    "hour": 9,
    "timezone": "Asia/Bangkok"
  },
  "safetyLimits": {
    "maxMessagesPerDay": 50,
    "escalationKeywords": ["angry", "legal", "refund"],
    "dailyDigest": true
  }
}

How It Works

Monitoring Flow

1. Health Check
   └── Verify LinkedIn auth (lk CLI)
   
2. Fetch Messages
   └── lk message list --json
   
3. Compare State
   └── Filter: only messages not in state file
   
4. For Each New Message
   ├── Level 0: Alert only
   ├── Level 1: Draft reply → Alert → Wait for approval
   ├── Level 2: Simple = auto-reply, Complex = draft
   └── Level 3: Full autonomous response
   
5. Update State
   └── Record message IDs (prevents duplicates)

State Management

State is managed by scripts, not the LLM. This guarantees:

  • No duplicate notifications
  • Consistent behavior across sessions
  • Visible state for debugging

State files: ~/.clawdbot/linkedin-monitor/state/

Sending Approved Messages

When at Level 1, approve drafts with:

send [name]           # Send draft to [name]
send all              # Send all pending drafts
edit [name] [text]    # Edit draft before sending
skip [name]           # Discard draft

Troubleshooting

"Auth expired"

lk auth login
linkedin-monitor health

"No messages found"

linkedin-monitor check --debug

Duplicate notifications

linkedin-monitor reset  # Clear state
linkedin-monitor check  # Fresh start

Dependencies

  • lk CLI (LinkedIn CLI) — npm install -g lk
  • jq (JSON processor) — brew install jq

Files

~/.clawdbot/linkedin-monitor/
├── config.json          # Your configuration
├── state/
│   ├── messages.json    # Seen message IDs
│   ├── lastrun.txt      # Last check timestamp
│   └── drafts.json      # Pending drafts
└── logs/
    └── activity.log     # Activity history

Files

14 total
Select a file
Select a file to preview.

Comments

Loading comments…