Unipile Linkedin Sdk
Security checks across malware telemetry and agentic risk
Overview
Review recommended: the skill matches its LinkedIn integration purpose, but it defaults to allowing full read/write LinkedIn actions, including messages and public posts.
Install only if you intend to let an agent access LinkedIn through Unipile. Before use, set UNIPILE_PERMISSIONS=read, enable write only temporarily for a specific action, and explicitly review any message, invitation, post, comment, or reaction before it is sent.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill with a valid token could perform visible LinkedIn actions from the user's account when a task triggers those commands.
If UNIPILE_PERMISSIONS is not set, the CLI allows write-capable LinkedIn operations by default, including messaging, invitations, posting, commenting, and reacting.
const PERMISSIONS = (process.env.UNIPILE_PERMISSIONS || 'read,write')...;
const WRITE_COMMANDS = [ 'send', 'start-chat', 'invite', 'cancel-invite', 'create-post', 'comment', 'react' ];
Set UNIPILE_PERMISSIONS=read by default, enable write only for a specific task, and require explicit user confirmation before sending messages, invitations, posts, comments, or reactions.
Anyone or any agent process with this token may be able to access or modify LinkedIn data through Unipile, depending on token and local permission settings.
The skill needs a delegated Unipile access token that can act on the user's LinkedIn account; this is expected for the integration and is disclosed, but it is sensitive authority.
`UNIPILE_ACCESS_TOKEN` | ✅ Yes | Access token from [dashboard.unipile.com](https://dashboard.unipile.com) ... Your access token can perform actions on your behalf.
Use the least-privileged token available, keep it in a secret manager or environment variable, avoid committing it to files, and revoke or rotate it when no longer needed.
Private LinkedIn messages, contacts, and profile data may enter the agent conversation or logs when these read commands are used.
The skill can retrieve LinkedIn chat messages and print them into the agent/user output path. This is purpose-aligned, but it can expose private conversation content to the current agent session.
case 'messages': json(await client.messaging.getAllMessagesFromChat({ chat_id: params[0], limit: args.limit ? parseInt(args.limit) : undefined }));
Limit reads to the specific account, chat, or profile needed; avoid broad message dumps; and do not share outputs containing private LinkedIn data.
Installing or updating dependencies from npm can change the code that handles the user's Unipile token and LinkedIn data.
The skill depends on an external npm SDK with a semver range. This is expected for a Unipile integration, and a lockfile is present, but dependency provenance still matters because the SDK handles account credentials and API calls.
"dependencies": { "unipile-node-sdk": "^1.9.3" }
Install from trusted npm sources, prefer reproducible installs using the lockfile, and review dependency updates before use.
