Keyapi Linkedin User Analytics
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent KeyAPI LinkedIn analytics integration, but users should notice that it uses a KeyAPI token, can fetch/cache personal contact data, and includes a broad generic MCP runner.
Install only if you trust KeyAPI with your KEYAPI_TOKEN and the LinkedIn data you request. Use explicit LinkedIn tool/platform arguments, review any broad or all-pages collection, protect or delete the local .env and cache files, and follow applicable privacy and platform rules.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could over-collect data or call the wrong KeyAPI platform/tool, though the artifacts do not show hidden or automatic misuse.
The helper is a generic MCP runner rather than a LinkedIn-only wrapper, so an agent or user could invoke non-LinkedIn tools/platforms or fetch all pages if they choose those options.
--tool <name> MCP tool name to call ... --platform <name> Platform to target (default: tiktok) ... --all-pages Auto-fetch ALL pages
Use explicit LinkedIn platform/tool arguments, avoid --all-pages unless needed, and review high-volume data collection before running it.
Anyone with access to the skill directory may be able to read the KeyAPI token from the .env file.
When the token is entered interactively, the runner saves the KeyAPI token into a local .env file for future runs.
writeFileSync(envPath, `KEYAPI_TOKEN=${token}\n`, "utf8");Prefer a protected environment variable or secret manager when possible, restrict file permissions, and never commit the .env file.
LinkedIn contact details and profile/activity data may remain in local cache/output files after the task is complete.
The skill is designed to retrieve sensitive personal/professional data and use a cache-first workflow, so fetched data may persist locally or be reused.
retrieval of full professional profiles, contact details, follower/connection counts, published posts, comments, videos, images ... all through a unified, cache-first workflow
Treat cached results as sensitive, clear the cache when no longer needed, and ensure the data use complies with applicable privacy and platform rules.
Future installs could use a different MCP SDK patch/minor version than the one originally tested.
The skill depends on an npm package using a semver range, so installs may resolve to newer compatible versions over time.
"dependencies": { "@modelcontextprotocol/sdk": "^1.10.2" }Use a lockfile or pinned dependency version if reproducible installation is important.