Back to skill

Security audit

Unipile Linkedin Sdk

Security checks across malware telemetry and agentic risk

Overview

This LinkedIn skill is transparent about its purpose, but it defaults to full account read/write authority that can send messages, invitations, posts, comments, and reactions.

Install only if you intentionally want a Unipile-backed LinkedIn automation tool. Set UNIPILE_PERMISSIONS=read before normal use, enable write only for a specific reviewed action, and keep the Unipile access token in environment variables or a secrets manager.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation claims read-only mode is 'safe' and involves 'no write operations', but a later example uses `notify: true` during profile retrieval, which can trigger a visible profile-view notification and create an external side effect. This is dangerous because users may rely on the safety claim and unknowingly perform actions that reveal their activity or intent to third parties.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases are broad enough to activate on common requests such as 'linkedin profile' or 'linkedin posts', which can cause the skill to run in contexts the user did not explicitly intend. Because this skill can access LinkedIn data and perform account-linked actions, overbroad activation increases the chance of unintended data access or account activity.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The CLI defaults UNIPILE_PERMISSIONS to 'read,write', enabling mutating LinkedIn operations unless the user explicitly restricts it. In an agent or automation context, this increases the chance of unintended outbound actions such as sending messages, invites, comments, or posts with valid credentials.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.