OpenClaw LinkedIn Poster Skill Review
Audited by ClawScan on May 10, 2026.
Overview
The skill largely does what it says, but it uses broad persistent LinkedIn OAuth access, an external OAuth callback server, and can publish public personal or company posts without a final confirmation.
Review carefully before installing. Use it only if you trust the publisher and the hosted OAuth callback server, prefer a dedicated LinkedIn app with the minimum scopes you need, protect or delete the .linkedin_token file when done, and manually verify the exact text and company target before asking the agent to post.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A third-party service participates in the OAuth handoff for permissions that can publish to LinkedIn. If that service is compromised or mishandles state, authorization codes could be exposed or mixed up.
The OAuth authorization code is routed through and polled from a third-party hosted callback server, with timestamp-based state and no client-side authentication shown for retrieving the code.
const CALLBACK_SERVER = 'https://linkedin-oauth-server-production.up.railway.app'; ... const state = Date.now().toString(); ... fetch(`${CALLBACK_SERVER}/api/token/${state}`);
Use a local or user-controlled audited OAuth callback, generate cryptographically random state, authenticate callback retrieval, and document the callback server's ownership, retention, and source.
A mistaken or ambiguous organization name could cause the agent to publish public content to the wrong company page or profile.
For company posts, the code selects the first organization name containing the provided text, then publishes a public LinkedIn post without an explicit confirmation step.
if (orgInfo.name.toLowerCase().includes(normalizedTarget)) { ... return urn; } ... "com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC" ... fetch('https://api.linkedin.com/v2/ugcPosts', { method: 'POST'
Require a preview and explicit confirmation before posting, use exact organization IDs or a user-selected list, and support draft/dry-run behavior.
If the saved token is misused or stolen, it may allow LinkedIn posting, including organization-page actions when those scopes are granted.
The skill requests personal and organization LinkedIn social permissions and persists the resulting access token locally for reuse.
const TOKEN_FILE = path.join(__dirname, '.linkedin_token'); ... const SCOPE = 'openid profile w_member_social w_organization_social r_organization_social'; ... fs.writeFileSync(TOKEN_FILE, JSON.stringify(data));
Request organization scopes only when needed, separate personal and organization authorization flows, store tokens with restrictive permissions, and provide a clear token revocation/removal process.
Normal users should see a browser open for LinkedIn authorization; the main concern is implementation hardening rather than evidence of malicious execution.
The OAuth flow opens the browser through a shell command. This is expected for the setup flow, but passing runtime-built strings to a shell is a pattern best avoided.
const { exec } = require('child_process'); ... exec(`${startCmd} "${authUrl}"`);
Use a non-shell launcher such as spawn/execFile with fixed arguments, and ensure URL parameters are encoded.
