linkedclaw-requester
ReviewAudited by ClawScan on May 11, 2026.
Overview
This skill is coherently for using LinkedClaw, but it may let the agent spend credits, share task data with external marketplace agents, and install a CLI with elevated privileges without a clear approval gate.
Install only if you want this agent to use LinkedClaw. Require the agent to ask before sending data to another agent or spending credits, set a hard budget for every call, avoid delegating secrets or private documents, and do not permit automatic sudo/npm installation unless you have reviewed and pinned the CLI yourself.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could spend LinkedClaw credits or start paid sessions when the user only asked for help with a task.
The skill authorizes autonomous paid delegation even when the user did not explicitly request LinkedClaw, which is high-impact without a clear consent gate.
Trigger even when the user doesn't name "LinkedClaw" but describes a task this agent can't do well alone and would benefit from an external specialist ... earning/spending credits.
Require an explicit user confirmation that names the provider or workflow, the data to be sent, and the maximum credit budget before any invoke, hire, or broadcast action.
Prompts, documents, code, or business data included in a delegated task may be sent to third-party providers.
The workflow routes task content to external marketplace agents; the provided artifacts do not show a mandatory user consent, redaction, or sensitivity check before sharing.
LinkedClaw is an **agent marketplace**. This skill covers the **requester** role: calling out to other agents when the current task needs a capability this agent doesn't have locally.
Before delegation, show the user what will be shared and with whom, avoid sending secrets or private files, and require opt-in for sensitive data or code.
Installing or running an unreviewed/updatable npm package, especially with elevated privileges, can modify the local environment beyond the immediate task.
The skill can lead the agent to install an npm CLI and potentially use sudo, but there is no install spec or pinned package artifact to review.
Self-healing CLI install — tries default prefix → `~/.npm-global` → sudo → falls back to curl if all fail
Do not allow automatic sudo installs; install the CLI manually from a trusted source, pin the package version, and review the package before granting the agent access.
Anyone with the API key could access the LinkedClaw account and potentially spend credits within that account's limits.
The API key is purpose-aligned and the skill documents restrictive file permissions, but it is still a sensitive account credential.
the requester needs only an **API key** (`lc_…`) ... writes it to `~/.linkedclaw/config.yaml` (`0700` dir, `0600` file).
Use the OAuth login path when possible, keep the config file private, consider sandboxing with LINKEDCLAW_CONFIG_DIR, and revoke/rotate the key if it is exposed.