Linkedin Pipedream

Security checks across malware telemetry and agentic risk

Overview

This LinkedIn automation skill matches its stated purpose, but it needs review because it can use local Pipedream credentials and hardcoded account details to post or delete public LinkedIn content.

Install only if you control the LinkedIn, Pipedream, and organization accounts involved. Before use, replace all hardcoded Telegram, auth provision, member, and organization IDs with your own verified values, inspect ~/.config/pdauth/config.json, avoid committing any copied credentials, and require explicit confirmation before posting, commenting, liking, or deleting content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The workaround instructs users to pull local Pipedream client credentials from ~/.config/pdauth/config.json and embed them directly in a script along with a fixed authProvisionId. That expands the skill from normal LinkedIn actions into handling reusable secrets and account-bound identifiers, increasing the risk of credential leakage, unauthorized API use, and accidental reuse across users or environments.

Context-Inappropriate Capability

Medium
Confidence: 99%
Finding
The documentation exposes a real person's LinkedIn member URN, Telegram-linked user ID, auth provision ID, and organization admin relationship. Even if these are not raw passwords, they are sensitive identifiers that can enable targeting, account correlation, social engineering, and misuse of account-specific API examples.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill documents a destructive delete-post action with a one-line example but no warning, confirmation step, or advice to verify ownership and target post URN before execution. In an agentic context, this can lead to accidental deletion of content due to malformed instructions, stale state, or incorrect URN selection.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workaround example combines local secret extraction, hardcoded client credentials, and concrete account identifiers without any warning that these values are sensitive. Users may copy this pattern into source control, logs, or shared environments, exposing secrets that can be used to invoke Pipedream actions outside the intended LinkedIn skill flow.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script automatically reads stored OAuth/client credentials from ~/.config/pdauth/config.json and immediately uses them to perform an external LinkedIn posting action. In an agent-skill context, this is risky because invoking the helper can cause real outbound actions under the user's account without an explicit consent checkpoint or strong warning that local secrets will be accessed and used.

VirusTotal

66/66 vendors flagged this skill as clean.
