Security audit

LinkedIn Automator

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about LinkedIn automation, but it can act publicly from a logged-in LinkedIn account without strong per-action approval controls.

Install only if you are comfortable letting an agent use your logged-in LinkedIn account. Review every post, comment, like target, analytics request, and cron schedule before it runs, and consider using a dedicated browser profile. Clarify the packaged metadata mismatch with the publisher before relying on it for professional-account automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The description is broad enough that an agent could invoke this skill during ordinary discussion about LinkedIn, rather than only when the user clearly requests automation. Because the skill performs real browser actions on a logged-in social media account, ambiguous activation can lead to unintended posting, engagement, or account-affecting behavior with reputational and privacy consequences.

Vague Triggers

Medium
Confidence: 94%
Finding
The top-level description presents a wide range of LinkedIn activities without clear boundaries between discussing strategy and executing automation. In this context, the skill requires browser access and an authenticated LinkedIn session, so ambiguous invocation is more dangerous because it can trigger external side effects on a real account.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation encourages automated posting, commenting, engagement tracking, and scheduling on a logged-in LinkedIn account, but it does not warn about account suspension risk, accidental disclosure of sensitive information, reputational harm, or consent/privacy implications of automating social interactions. This is especially dangerous because the skill is designed to operate on a real identity and public-facing platform, where mistakes are externally visible and hard to reverse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script directs an agent to access authenticated LinkedIn analytics and per-post performance data, which are account-specific and potentially sensitive, but it provides no notice, consent check, minimization guidance, or handling restrictions. In this skill context, the risk is elevated because the agent is expected to operate in a logged-in browser session, so it could collect and return private account data more broadly than the user intended.

VirusTotal

64/64 vendors flagged this skill as clean.