Linkedin Outreach
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill matches its LinkedIn outreach purpose, but it can control your LinkedIn account, store session cookies locally, and bulk-send requests or messages in ways that need careful review.
Install only if you intentionally want LinkedIn browser automation. Run commands manually, specify exact recipients, preview before sending, protect or delete ~/.config/linkedin-outreach/session.json when finished, and consider LinkedIn account-restriction and reputation risks before allowing bulk outreach.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool may send LinkedIn connection requests to all saved search contacts instead of only recipients the user explicitly named.
The connect command can fall back to saved search results when URNs are omitted, even though SKILL.md documents --urns as required. That can broaden who receives connection requests beyond the user's explicit command.
console.log(chalk.yellow('No URNs provided. Using last search results.'));
Make recipient selection explicit, keep --urns truly required, add a dry-run and final confirmation listing every recipient before sending.
Follow-up messages could be sent to more people, or sooner, than the user expects.
The follow-up flow sends to the pending list, while the advertised --days wait-days option is not shown being enforced in the provided code.
const pending = api.data.pending; ... for (const p of pending) { const result = await api.sendFollowUpMessage(p.urn, message);
Honor the --days filter, show each pending recipient and sent date, and default to preview mode before any follow-up messages are sent.
Anyone who can read the saved session file may be able to reuse the LinkedIn session, and the user may not realize the skill stores account session material.
The code handles the user's LinkedIn password and persists authenticated browser session state locally, while the registry metadata does not declare a primary credential.
await this.page.fill('#password', password); ... fs.writeFileSync(SESSION_FILE, JSON.stringify(state));
Declare LinkedIn credential/session use in metadata, store session files with restrictive permissions, provide a logout/delete-session command, and explain exactly what is saved.
The user could underestimate account-safety or terms-of-service risks from automation designed to look less automated.
The browser is launched with an anti-automation-detection flag, which is not disclosed in SKILL.md even though the skill warns that over-automation may lead to account restrictions.
args: ['--disable-blink-features=AutomationControlled']
Disclose this behavior clearly, remove stealth-style browser settings unless strictly necessary, and require explicit user consent for automation that may violate provider rules.
Local lead lists and outreach messages may remain on disk after the task is done.
The skill keeps a persistent local store of contacts, pending recipients, and messages for reporting and follow-up.
const DATA_FILE = path.join(CONFIG_DIR, 'data.json'); ... this.data.pending.push({ urn, message, sentAt: new Date().toISOString() });
Document the stored data, add retention and deletion controls, and protect the config directory permissions.
Users have less provenance information to verify who maintains the automation code and how it should be safely installed.
The registry provenance and install contract are thin for a package that includes runnable Node/Playwright code.
Source: unknown; Homepage: none; No install spec - this is an instruction-only skill.
Provide a homepage/source repository, align the install spec with the package contents, and keep dependency versions and lockfiles auditable.
