Skillv1.0.4

ClawScan security

Linkedin Outreach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 27, 2026, 8:57 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and resource usage are consistent with a LinkedIn browser-automation CLI; it stores session data locally and requests LinkedIn credentials (expected for this purpose).
Guidance: This skill appears to do what it says: it automates LinkedIn via a local Playwright-driven browser and stores session and usage files in ~/.config/linkedin-outreach. Before installing or running it, be aware that: (1) you will need Node.js and Playwright (Playwright may download browser binaries); (2) for auto-login you may provide your LinkedIn email/password — those are sensitive and will be used to create a local session file (session.json) that contains storageState (session cookies/tokens); (3) do not run untrusted binaries with your primary account — consider using a secondary/test account; (4) review the code locally if you plan to supply credentials, and back up or secure the ~/.config/linkedin-outreach directory if the machine is shared. If you want extra assurance, run the code in a disposable environment (container or VM) and inspect session/data files before and after use.

Review Dimensions

Purpose & Capability: okName/description (LinkedIn automation) matches the included CLI code and Playwright-based browser automation. Required resources (browser automation, local config) are appropriate for the stated functionality. There are no requests for unrelated cloud credentials or system-wide secrets.
Instruction Scope: okSKILL.md instructs running the CLI to login, search, connect, follow-up and generate reports; the code performs these actions via Playwright and stores data under ~/.config/linkedin-outreach. The instructions do not ask the agent to read unrelated files or exfiltrate data to unknown endpoints.
Install Mechanism: noteThis is an instruction-only skill with source files included (no platform install spec). It depends on Node.js >=18 and Playwright; installing/running will pull in Playwright and its browser binaries (expected for this tool). No arbitrary download URLs or extract steps are present in the repo.
Credentials: noteThe metadata declares no required env vars, while SKILL.md documents optional LINKEDIN_EMAIL / LINKEDIN_PASSWORD and a LINKEDIN_CONFIG path — asking for LinkedIn credentials is sensible for auto-login, but credentials are sensitive. Other than that, no unrelated secrets or many variables are requested.
Persistence & Privilege: okThe skill persists session.json, data.json and usage.json under ~/.config/linkedin-outreach to reuse sessions and track free-tier usage; this is consistent with its purpose. It does not request always:true, nor does it modify other skills or system-wide settings.