PassAudited by VirusTotal on May 3, 2026.
Overview
Type: OpenClaw Skill Name: linkedin-social Version: 0.1.0 The skill provides instructions for an AI agent to interact with LinkedIn using the ClawLink integration service (claw-link.dev). It guides the agent through plugin installation, device pairing, and dynamic tool discovery, while emphasizing security practices like user confirmation for write actions and avoiding direct credential handling. The behavior is clearly aligned with the stated purpose of LinkedIn management and lacks evidence of malicious intent or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill requires trusting the ClawLink plugin and hosted service in addition to this SKILL.md file.
The skill itself is instruction-only, but it depends on a separate plugin that is not included in the provided artifacts.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the expected ClawHub source and review ClawLink’s documentation, verification page, and requested permissions before pairing.
If connected, ClawLink-backed tools may act on the user’s LinkedIn account within the scopes the user approves.
The skill requires delegated LinkedIn account access through OAuth, which is expected for posting and analytics but grants meaningful account authority.
ClawLink's hosted page runs the LinkedIn OAuth flow — the user clicks through the LinkedIn login and grant screen.
Check the LinkedIn OAuth consent screen carefully, grant only acceptable permissions, and revoke the connection if no longer needed.
Mistaken or overbroad tool use could publish unwanted content, comment publicly, or remove posts from the user’s LinkedIn presence.
The skill can perform public-facing and destructive LinkedIn actions. This is aligned with the skill’s purpose, and the artifact includes confirmation guidance.
- Publish text posts - Comment on posts - Delete posts
Review previews carefully and require explicit confirmation before any post, comment, deletion, page-management, or bulk action.
LinkedIn requests, responses, and account actions may be routed through ClawLink rather than only between the user and LinkedIn.
The available LinkedIn tools and schemas come dynamically from the ClawLink gateway, so data and actions depend on a third-party provider’s live catalog and connection state.
ClawLink provides tools dynamically based on what the user has connected. You do not need to know tool names or schemas in advance.
Use this only if ClawLink is an acceptable intermediary, and verify the live tool description and requested action before authorizing sensitive operations.