LinkedIn Search Posts

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Apify-based LinkedIn post search helper, with expected external API use and no hidden local installer or persistence.

Install only if you are comfortable sending LinkedIn search terms, target filters, and retrieved post data through Apify. Use a dedicated or scoped Apify token where possible, avoid sharing logs or command history containing token URLs, set explicit limits for posts/comments/reactions to control cost and volume, and review Apify and LinkedIn compliance obligations before collecting sensitive or broad datasets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly instructs sending search queries and retrieving scraped LinkedIn content through a third-party service using an API token, but it provides no warning that user inputs, target profile/company identifiers, and retrieved data will be transmitted to and processed by Apify. In a scraping context, this omission can mislead users about where their data goes and the privacy/compliance implications of collecting third-party social media data.

External Transmission

Medium

Category: Data Exfiltration
Content: ## Run the actor ```bash curl --request POST \ --url "https://api.apify.com/v2/acts/harvestapi~linkedin-post-search/runs?token=$APIFY_API_TOKEN" \ --header 'Content-Type: application/json' \ --data '{
Confidence: 88% confidence
Finding: curl --request POST \ --url "https://api.apify.com/v2/acts/harvestapi~linkedin-post-search/runs?token=$APIFY_API_TOKEN" \ --header 'Content-Type: application/json' \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: ## Poll until complete ```bash curl "https://api.apify.com/v2/acts/harvestapi~linkedin-post-search/runs/<RUN_ID>?token=$APIFY_API_TOKEN" ``` Vérifier `data.status` == `SUCCEEDED`.
Confidence: 87% confidence
Finding: https://api.apify.com/

External Transmission

Medium

Category: Data Exfiltration
Content: ## Fetch results ```bash curl "https://api.apify.com/v2/datasets/<DATASET_ID>/items?token=$APIFY_API_TOKEN" ``` Retourne un tableau JSON. Chaque item contient :
Confidence: 87% confidence
Finding: https://api.apify.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal