Skill v1.0.0

ClawScan security

linkedin-candidate-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 7:43 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what its name says, but its runtime instructions require copying browser login data and force-killing Chrome, and they include hard-coded paths and assumptions that are disproportionate and risky.
Guidance
Before installing or running this skill, be aware it instructs you to copy your Chrome browser profile (Cookies, Login Data, Local State) and forcibly kill Chrome. Those files can expose all of your signed-in sessions (not just LinkedIn). Consider safer alternatives: use the official LinkedIn API or an automation flow that requires you to manually log into a dedicated browser profile (or a temporary/disposable Chrome profile) rather than copying your primary profile. If you must run it, do so in an isolated environment (throwaway VM or container), do not use your personal account, inspect and securely delete any temporary files under /tmp afterward, and ask the skill author to (1) remove hard-coded user paths, (2) avoid recommending pkill -9, and (3) document precisely why each browser file is needed. If the author cannot justify copying full profile files, treat this as a significant red flag.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (automated LinkedIn candidate search via a Chrome debugging session) matches most of the instructions (use remote debugging, navigate Google/LinkedIn, extract profiles). However, the instructions ask the user to copy Chrome profile files (Cookies, "Login Data", "Local State" etc.) and to run pkill -9 on Chrome, operations that go beyond merely driving a logged-in browser instance and expose broad credentials. The skill also hard-codes a macOS user path (/Users/junye/...) despite having no OS restriction, which is incoherent.
Instruction Scope
concern: SKILL.md tells the agent to perform sensitive system operations at runtime: forcibly kill Chrome processes, copy Chrome profile files containing cookies/credentials into /tmp, verify login by executing JS in pages, and read/write files under a project directory. Copying full browser profile data can expose all site sessions, not just LinkedIn. The instructions also require a specific working directory and suggest automatic repairs (mkdir and copying), giving the agent wide ability to read and write local files.
Install Mechanism
ok: There is no install spec and no code files; the skill is instruction-only, so there is no package download or installation-time risk. However, runtime operations (copying profile files) will write data to disk during execution.
Credentials
concern: The skill declares no required environment variables or credentials, but its runtime instructions implicitly require access to highly sensitive credentials (browser Cookies/Login Data). Requesting raw browser profile files is not proportional to the declared requirements and effectively asks for credentials without declaring them. The hard-coded macOS path also assumes access to a specific user's home directory.
Persistence & Privilege
note: The skill does not request always: true and does not modify other skills. It will create local directories (./linkedin-save/) and copy Chrome profile data into /tmp, which may leave sensitive artifacts on disk. It also recommends killing Chrome and re-launching with a temp profile, which is a transient but intrusive privilege.