Linkedin Content
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly LinkedIn writing guidance, but it gives broad inference.sh command access and includes login/public X-posting steps that are not well bounded for a drafting skill.
Install only if you are comfortable using inference.sh. Verify the CLI installer manually, do not connect posting-capable accounts unless needed, and require the agent to draft content for review rather than publishing automatically.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incautiously, the agent could run inference.sh apps beyond drafting and potentially publish content to a connected account.
The skill grants a wildcard inference.sh command capability and includes a public-posting command, without scoping the app runner or requiring explicit approval before account-changing actions.
allowed-tools: Bash(infsh *) ... infsh app run x/post-create --input '{ "text": "Your cross-posted version here" }'Restrict the tool permission to specific read/search or draft-generation commands, remove the X posting command unless cross-posting is a declared feature, and require explicit user confirmation before any public post.
A connected account could be used for actions beyond LinkedIn drafting, including publishing to X.
The instructions involve logging in to a provider CLI and using a posting app, which implies delegated account authority that is not clearly bounded in the skill description or requirements.
curl -fsSL https://cli.inference.sh | sh && infsh login ... infsh app run x/post-create
Declare the credential/account requirements clearly, specify which accounts may be used, and require user approval for any action that posts or changes third-party account data.
Users would be trusting an external install script and binary distribution before using the skill's CLI workflow.
The skill documents a remote CLI install path. It is disclosed and includes a checksum-verification claim, but the install script itself is outside the provided artifact set.
curl -fsSL https://cli.inference.sh | sh && infsh login ... downloads the matching binary from `dist.inference.sh`, and verifies its SHA-256 checksum
Prefer the manual install and checksum verification path, and ensure the registry metadata declares the CLI dependency if it is required.