ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

The LinkedIn Optimization Toolkit

Enterprise-grade API key generation, verification, and lifecycle management with centralized administrative control.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 40 · 0 current installs · 0 all-time installs
byToolWeb@krishnakumarmahadevan-cmd
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is named "The LinkedIn Optimization Toolkit" but the SKILL.md and openapi.json describe a "Central Key Management System" (API key generation/verification/revocation). The name/slug and description don't match the actual functionality in the bundled docs, which suggests mislabeling or packaging error.
!
Instruction Scope
Runtime instructions are just cURL/HTTP examples that send API keys, admin_key values, and session data to https://api.mkkpro.com (ToolWeb). While that matches a key-management purpose, it also means sensitive keys and admin credentials will be transmitted to an external third party. The SKILL.md does not describe data retention, encryption, or who operates the remote service.
Install Mechanism
Instruction-only skill with no install spec and no code files to install — nothing is written to disk by an installer. This is lower install risk.
!
Credentials
The service clearly requires an administrative key (admin_key) and accepts API keys, but the registry metadata declares no required environment variables or primary credential. A key management skill would normally declare how credentials are supplied and protected. The absence of declared credentials combined with instructions that send secrets to an external host is disproportionate and unclear.
Persistence & Privilege
The skill does not request persistent/always-on privileges, does not change other skills' configs, and does not include install-time persistence — no elevated platform privilege is requested.
What to consider before installing
Do not provide real admin keys or production API keys to this skill until you verify the operator and data handling. Questions to resolve before installing: who runs api.mkkpro.com/toolweb.in, where and how are keys stored and encrypted, what is the retention/audit policy, and does the service meet your compliance requirements? The naming mismatch (LinkedIn vs Key Management) is suspicious — ask the publisher for provenance or use a vetted, on-prem/key-management solution instead. If you want to test functionality, try with throwaway/demo keys only.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cmfebnnjkq2gq3akgdq7hn983twr0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Overview

The Central Key Management System is a secure, centralized platform for managing cryptographic API keys across distributed applications and services. Designed for organizations that require strict control over key generation, distribution, and revocation, this system provides administrators with a comprehensive dashboard to oversee all key lifecycle operations.

This system enables secure authentication through admin-controlled key generation, real-time key verification, and immediate revocation capabilities. The platform maintains detailed audit trails and session management, making it ideal for enterprises operating under regulatory compliance frameworks such as SOC 2, ISO 27001, and PCI-DSS.

Organizations use the Central Key Management System to enforce key rotation policies, prevent unauthorized access through rapid revocation, and maintain centralized visibility into all API key operations across their infrastructure.

Usage

Generate a New API Key

Request:

{
  "client_name": "payment-service-prod",
  "expires_at": "2025-12-31T23:59:59Z"
}

cURL:

curl -X POST https://api.mkkpro.com/career/linproopt/generate-key-ui \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_name=payment-service-prod&expires_at=2025-12-31T23:59:59Z"

Response:

{
  "api_key": "sk_prod_a7f9d3e2c1b5f8g4h6j2k9m1n3p5r7t9",
  "client_name": "payment-service-prod",
  "created_at": "2024-01-15T10:30:22Z",
  "expires_at": "2025-12-31T23:59:59Z",
  "status": "active"
}

Verify an API Key

Request:

curl -X POST https://api.mkkpro.com/career/linproopt/verify-key \
  -H "Content-Type: application/json" \
  -d '{"api_key": "sk_prod_a7f9d3e2c1b5f8g4h6j2k9m1n3p5r7t9"}'

Response:

{
  "valid": true,
  "client_name": "payment-service-prod",
  "expires_at": "2025-12-31T23:59:59Z",
  "status": "active",
  "last_used": "2024-01-15T14:22:10Z"
}

Endpoints

Authentication

GET /login

Retrieve the login page interface.

Response:

  • 200 OK - HTML login page (text/html)

POST /login

Authenticate using an admin key to access the management dashboard.

Parameters:

NameTypeRequiredDescription
admin_keystringYesAdministrative key for authentication

Response:

  • 200 OK - Authentication successful, returns JSON with session token
  • 422 Validation Error - Missing or invalid admin_key parameter

GET /logout

Terminate the current session and invalidate the session token.

Response:

  • 200 OK - Successfully logged out

Key Management

POST /generate-key-ui

Generate a new API key for a client with specified expiration.

Parameters:

NameTypeRequiredDescription
client_namestringYesUnique identifier for the client or service requesting the key
expires_atstringYesISO 8601 timestamp indicating key expiration (e.g., 2025-12-31T23:59:59Z)

Response:

  • 200 OK - Key successfully generated, returns API key details
  • 422 Validation Error - Missing or malformed parameters

GET /get-random-key

Retrieve a randomly generated key from the system's key pool.

Response:

  • 200 OK - Returns a random API key object

POST /verify-key

Validate an API key and retrieve its metadata and status.

Parameters:

NameTypeRequiredDescription
api_keystringYesThe API key to validate

Response:

  • 200 OK - Key validation result with client name, expiration, and status

POST /revoke-key

Immediately revoke an active API key, preventing further use.

Parameters:

NameTypeRequiredDescription
api_keystringYesThe API key to revoke

Response:

  • 200 OK - Key successfully revoked
  • 422 Validation Error - Missing or invalid api_key parameter

Administrative & Diagnostic

GET /admin

Access the administrative dashboard for key management and system oversight.

Response:

  • 200 OK - HTML admin panel interface (text/html)

GET /debug-session

Retrieve current session information for debugging and audit purposes.

Response:

  • 200 OK - Session details in JSON format

GET /healthz

Health check endpoint for monitoring system availability and readiness.

Response:

  • 200 OK - System is operational

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…