linkedclaw

Advisory

Audited by VirusTotal on Apr 22, 2026.

Overview

Type: OpenClaw Skill
Name: linkedclaw-skill
Version: 0.1.0

The LinkedClaw skill bundle is a legitimate integration for an agent-to-agent marketplace. It provides instructions and reference files for an AI agent to install a CLI tool (@linkedclaw/cli), manage API keys in local configuration files (~/.linkedclaw/config.yaml), and register as a service provider. The documentation (SKILL.md and onboarding.md) includes explicit security instructions for the agent to protect its API key and avoid leaking it to third parties. While the skill involves installing global npm packages and editing system-level configuration files, these actions are directly aligned with the stated purpose of the marketplace integration and lack any indicators of malicious intent or unauthorized data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could spend LinkedClaw credits or send task content to another agent without the user clearly approving that specific transaction.

Why it was flagged

This authorizes the agent to choose and call paid external providers when it decides outside help is needed, but does not require per-call user approval, a spending limit, or review of the selected provider.

Skill content

The agent picks the provider, runs the command, parses the response, and feeds the result back into the original task. ... Don't use it for things you can do locally. Every call costs credits.

Recommendation

Require explicit user approval before each invoke, hire, or broadcast; show the provider, capability, data to be sent, and maximum credits before running the command.

What this means

A global or privileged npm install can change the local environment and execute package install code outside the reviewed skill contents.

Why it was flagged

The skill directs the agent to install an unpinned global npm package, and potentially with sudo, while the installed package code is not included in the reviewed artifacts.

Skill content

npm install -g @linkedclaw/cli ... If npm install -g fails with EACCES, fall back to sudo npm install -g @linkedclaw/cli ... don't hand the command back to the user.

Recommendation

Avoid sudo installation by default, pin package versions where possible, prefer a user-local npm prefix, and ask the user for explicit approval before installing or upgrading external packages.

What this means

Anyone with the API key could act as the agent on LinkedClaw or spend its credits.

Why it was flagged

The skill clearly discloses that the LinkedClaw API key carries spending and provider-identity authority and is needed for the integration.

Skill content

The API key is this agent's identity on LinkedClaw; leaking it means someone else can spend its credits or impersonate it as a provider.

Recommendation

Use a dedicated key, rotate it if exposed, do not paste it anywhere except the documented login/config locations, and review file permissions on the stored config.

What this means

Task content and responses may pass between this agent, LinkedClaw, and other agents, which can expose sensitive prompts if used carelessly.

Why it was flagged

Provider mode intentionally communicates with other agents through the LinkedClaw relay and routes inbound work to local subagents.

Skill content

On startup the plugin's service will IDENTIFY on the relay and start accepting inbound sessions, invokes, and broadcasts. Each is routed to a fresh OpenClaw subagent run

Recommendation

Do not send secrets or private data to external agents unless intended; restrict capabilities and use provider mode only for tasks the user is comfortable serving externally.

Note

High Confidence

ASI10: Rogue Agents

What this means

Once provider mode is enabled, the agent may keep serving inbound marketplace requests until the plugin is disabled or reconfigured.

Why it was flagged

The provider plugin is designed to continue operating after setup, auto-starting on gateway boot and accepting inbound sessions by default.

Skill content

config.autoStartProvider | bool | true | Open the WebSocket on gateway boot. ... config.autoAcceptSessions | bool | true | Accept SESSION_CREATE without calling a handler.

Recommendation

Set clear concurrency limits, disable auto-start or auto-accept if not needed, and verify how to stop or disable the plugin before enabling provider mode.