Skill v1.0.0

VirusTotal security

Linkedin Pipedream · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · May 1, 2026, 3:23 AM

Hash: 6287653d6b162bca3075dde4dbeb7418a6222dd40d28ed49f0edb0838f18d9df
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: linkedin-pipedream
Version: 1.0.0

The skill is classified as suspicious due to its reliance on executing local scripts (`org-post.mjs`) that directly read sensitive Pipedream credentials (clientId, clientSecret, projectId) from `~/.config/pdauth/config.json`. While this credential access is for the stated purpose of authenticating with Pipedream to perform LinkedIn actions, the direct programmatic access to a user's configuration file containing secrets, combined with the execution of arbitrary local Node.js scripts, represents a significant security risk if the skill were compromised or misused. The `SKILL.md` also instructs the agent to execute external `pdauth` commands, which, while necessary for the skill, adds to the overall risk profile.