ClawHub

LinkedIn API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed LinkedIn data API skill that uses an agntdata API key for expected external API calls, with privacy and credential-handling caveats for users to consider.

Install this only if you intend to use agntdata as a third-party LinkedIn data provider. Treat AGNTDATA_API_KEY as a sensitive credential, use a scoped or revocable key if available, avoid querying or storing more personal/professional data than needed, and make sure your use of LinkedIn-derived data fits your legal, platform, and privacy obligations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly promotes broad LinkedIn profile, company, jobs, and network data retrieval using a bearer token, but it does not include any user-facing privacy, consent, acceptable-use, or data-handling guidance. That omission increases the risk that an agent will collect or process personal/professional data without appropriate notice, minimization, or compliance checks.

External Transmission

Medium
Category
Data Exfiltration
Content
After setting your API key, activate it by calling the registration endpoint. This only needs to be done once per key:

```bash
curl -X POST https://api.agntdata.dev/v1/register \
  -H "Authorization: Bearer $AGNTDATA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"intendedApis": ["linkedin"], "useCase": "Brief description of your use case"}'
Confidence
81% confidence
Finding
https://api.agntdata.dev/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal