Linkedin Lead Generation
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: linkedin-lead-gen Version: 1.0.0 The skill bundle is designed for LinkedIn lead generation and report creation. The `SKILL.md` provides clear instructions for the AI agent to use `browser`, `web_fetch`, and `write` tools, all of which are appropriate for the stated purpose and do not contain any prompt injection attempts to deviate the agent or perform unauthorized actions. The `scripts/generate_report.py` script is a straightforward HTML generator that takes JSON input from stdin and outputs HTML, without any malicious code, external network calls, or file system operations beyond standard I/O.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your LinkedIn session or network context may influence searches and profile viewing while the agent researches leads.
Filtering by 2nd-degree connections is tied to LinkedIn account context or social graph data. This is aligned with the LinkedIn lead-generation purpose, but users should recognize that the browser may operate in an authenticated LinkedIn context.
Use `browser` tool to search LinkedIn ... Filter for 2nd-degree connections for easier outreach.
Use a dedicated or logged-out browser session if desired, and do not grant messaging or broader LinkedIn permissions unless you explicitly want that behavior.
A malicious or malformed profile/site value could alter the report, create deceptive links, or potentially run script if the HTML is opened in a permissive viewer.
The helper directly inserts prospect fields into generated HTML without HTML escaping or URL validation. If those fields are copied from untrusted profiles or websites, markup or script could be rendered in the report.
<div class="name">{p['name']}</div> ... <a href="{p['linkedin_url']}">LinkedIn Profile</a> ... html += f"<li>{need}</li>"Escape all text fields, validate report links to expected http(s) URLs, and prefer generating a sanitized PDF before sharing the report.