Back to skill

Security audit

OpenClaw LinkedIn Poster Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to post to LinkedIn, but it needs careful review because it can publish public personal or company-page posts using broad OAuth permissions without a final confirmation step.

Install only if you trust the publisher and the hosted OAuth callback server. Use a dedicated LinkedIn app with the minimum scopes you need, verify the exact post text and destination before invoking the skill, avoid vague chat commands, and delete or protect the local .linkedin_token file when you are done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill metadata says it posts to the user's LinkedIn profile, but the code requests organization scopes and supports posting to LinkedIn organizations via --org. This expands authority beyond the declared purpose and can mislead users into granting broader permissions than expected.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code enumerates organizations the user administers and can post on their behalf, even though the skill is presented as posting to the user's own profile. In this context, that mismatch is dangerous because it enables unintended publication to company pages, which can cause reputational and operational harm.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The README presents a very broad natural-language trigger ('Just tell your bot to post!') without clearly constraining intent confirmation, which can lead an agent to interpret ordinary conversation as authorization to publish content. In a skill that performs real external side effects on a user's LinkedIn profile or company page, ambiguous invocation increases the risk of unintended posting.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explains the flow but does not prominently warn that successful execution immediately publishes content to the user's personal profile or administered company page. Because this skill performs irreversible public-facing actions, missing disclosure and confirmation guidance makes accidental reputational harm more likely in agent-driven contexts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly relies on a hosted third-party OAuth callback server, but the documentation does not prominently disclose in the description/setup that authorization data will transit through infrastructure outside the user's control. This creates a real trust and privacy risk because users may authorize the app without understanding that a shared external service is participating in the OAuth flow and could observe codes, metadata, or mis-handle tokens if implemented insecurely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The OAuth access token is stored in a local file in the skill directory without explicit permission hardening or meaningful disclosure to the user. A locally accessible bearer token can be reused by other local processes or users to act as the victim on LinkedIn until expiry.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs an irreversible external post immediately once text and credentials are available, without a final confirmation step showing the target account/page and content. In a skill that can post publicly, this increases the risk of accidental or socially engineered publication.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal