Skill v1.0.0

ClawScan security

linkedin-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 2:37 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions generally match a LinkedIn scraping/searcher, but it omits how it will authenticate and explicitly instructs using the Chrome DevTools protocol (which can attach to your browser and access session data) and writes candidate profiles to disk — these gaps and privacy risks are unexplained and warrant caution.
Guidance
Before installing or running this skill, ask the author exactly how it authenticates to LinkedIn: does it use only public Google-indexed pages, require LinkedIn credentials, or attach to your running Chrome and reuse your browser profile/cookies? Attaching to your browser can expose other logged-in sessions and sensitive cookies. Note that the skill will write candidate profiles (which may contain personal data) to ./linkedin-save/{role}/ on disk — ensure you are comfortable with that storage location and retention. Consider running the skill in an isolated environment (VM/container) or with a throwaway LinkedIn account if you need full-profile access. Also be aware that automated scraping of LinkedIn may violate LinkedIn's terms of service; if that matters for your organization, get legal/IT approval. If you want to proceed, request from the author a clear description of the runtime steps (how Chrome/CDP is launched/attached, whether credentials/cookies are used, and whether any data is sent to external endpoints).
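The guidance above hinges on one question a user can actually check before running the skill: is a browser on this machine already exposing the Chrome DevTools protocol, and if so, on which profile? The script below is an added example for this page, not part of the linkedin-search skill, ClawHub, or the scanner output. The function names and the sample process list are constructed for illustration; the Chromium switches it looks for (`--remote-debugging-port`, `--remote-debugging-pipe`, `--user-data-dir`) and the `DevToolsActivePort` file Chromium writes into the profile directory are real Chromium behaviour. It also builds the argv for the isolated alternative the guidance recommends (a throwaway profile rather than the user's real one).

```python
"""Pre-flight check: which running Chrome/Chromium processes expose the
DevTools protocol (CDP), and on which profile?

Added example, not part of the linkedin-search skill, ClawHub or the scanner.
Function names and SAMPLE_PS are constructed; the Chromium switches and the
DevToolsActivePort file are real Chromium behaviour.
"""
import os
import re
import subprocess
import tempfile
from dataclasses import dataclass
from typing import Iterable, Optional

BROWSER_NAMES = ("chrome", "chromium", "msedge", "brave")
PORT_RE = re.compile(r"--remote-debugging-port=(\d+)\b")
PIPE_RE = re.compile(r"(?:^|\s)--remote-debugging-pipe(?:\s|$)")
# `ps` prints arguments unquoted, so a profile path containing a space is cut at the space.
UDD_RE = re.compile(r"--user-data-dir=(\S+)")


@dataclass
class Exposure:
    cmdline: str
    port: Optional[int]           # None when only --remote-debugging-pipe is set
    pipe: bool
    user_data_dir: Optional[str]  # None: Chromium's default profile directory

    @property
    def risk(self) -> str:
        """Coarse triage of what an attached agent would be able to reach."""
        if self.user_data_dir is None:
            return "default-profile"   # the user's real cookies and logged-in sessions
        tmp = tempfile.gettempdir().rstrip("/")
        if self.user_data_dir.startswith(("/tmp/", tmp + "/")):
            return "throwaway"         # fresh profile under the temp dir
        return "explicit"              # named profile dir; confirm it is not the real one


def _is_browser(cmdline: str) -> bool:
    exe = cmdline.split(" --", 1)[0]               # executable path before the first switch
    base = exe.rstrip("/").rsplit("/", 1)[-1].lower()
    return any(name in base for name in BROWSER_NAMES)


def find_cdp_exposures(cmdlines: Iterable[str]) -> list:
    """Return one Exposure per browser process that has a CDP endpoint enabled."""
    found = []
    for line in cmdlines:
        line = line.strip()
        if not _is_browser(line):
            continue
        port_m = PORT_RE.search(line)
        pipe = bool(PIPE_RE.search(line))
        if port_m is None and not pipe:
            continue                               # browser running, but no CDP endpoint
        udd_m = UDD_RE.search(line)
        found.append(Exposure(line, int(port_m.group(1)) if port_m else None,
                              pipe, udd_m.group(1) if udd_m else None))
    return found


def live_cdp_exposures() -> list:
    """Run the check against this machine's process list (Linux/macOS `ps`)."""
    out = subprocess.run(["ps", "-eo", "args="], capture_output=True, text=True, check=True).stdout
    return find_cdp_exposures(out.splitlines())


def parse_devtools_active_port(text: str) -> Optional[int]:
    """Chromium writes DevToolsActivePort (port on line 1, browser target path on
    line 2) into the user-data-dir whenever remote debugging is on. This is the
    check to use when the port was chosen dynamically (--remote-debugging-port=0)."""
    first = text.splitlines()[0].strip() if text.strip() else ""
    return int(first) if first.isdigit() else None


def devtools_active_port(user_data_dir: str) -> Optional[int]:
    try:
        with open(os.path.join(user_data_dir, "DevToolsActivePort"), encoding="utf-8") as fh:
            return parse_devtools_active_port(fh.read())
    except OSError:
        return None                                # no such profile, or debugging is off


def isolated_launch_argv(browser: str = "chromium", port: int = 9222) -> list:
    """argv for the safer setup: a throwaway profile, so nothing from the user's
    real sessions is reachable over the CDP endpoint the skill attaches to."""
    udd = tempfile.mkdtemp(prefix="skill-browser-")
    return [browser, f"--user-data-dir={udd}", f"--remote-debugging-port={port}",
            "--no-first-run", "--no-default-browser-check"]


# Constructed `ps -eo args=` output for the demo (not captured from a real host).
SAMPLE_PS = [
    "/opt/google/chrome/chrome --remote-debugging-port=9222",
    "/usr/lib/chromium/chromium --user-data-dir=/tmp/skill-browser-ab12 --remote-debugging-port=9333 --headless=new",
    "/usr/lib/chromium/chromium --user-data-dir=/home/alice/.config/chromium --remote-debugging-pipe",
    "/usr/bin/python3 scraper.py --remote-debugging-port=9222",
    "/opt/google/chrome/chrome --profile-directory=Default",
]

if __name__ == "__main__":
    for e in find_cdp_exposures(SAMPLE_PS):
        where = f"port {e.port}" if e.port is not None else "pipe"
        print(f"[{e.risk}] CDP via {where}: {e.cmdline}")
```

Run it before installing: a `default-profile` hit means any local process, the skill included, can drive that browser and read its cookies and session storage for every site the user is logged into; `explicit` needs a look at the path; only `throwaway` matches the isolated setup the guidance asks for. The `--remote-debugging-pipe` case has no TCP port, so anything that can spawn or inherit the pipe still gets the same access.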

Review Dimensions

Purpose & Capability
note · The name/description (LinkedIn candidate search + dedup/save) aligns with the instructions to build site:linkedin.com search queries, load profiles, infer criteria, and save results. However, the skill never declares how it will authenticate to LinkedIn (if needed) or whether it only uses public Google-indexed profiles; that omission is relevant because many profile details require a logged-in session.
Instruction Scope
concern · SKILL.md explicitly directs the agent to use the Chrome DevTools (CDP/MCP) to load LinkedIn pages, parse profile headers/experience, and save profile files under ./linkedin-save/{role}/ to avoid duplicates. That scope includes reading live web pages and writing local files (expected), but using DevTools implies attaching to a browser process which can access cookies/auth sessions and other site state. The instructions do not state whether it will reuse an existing browser profile, launch an isolated browser, or require credentials; this is a privacy/attack-surface concern.
Install Mechanism
ok · This is an instruction-only skill with no install spec and no code files. Nothing will be written or installed by default by the skill bundle itself (lower risk).
Credentials
note · No environment variables, binaries, or credentials are declared, which is reasonable if only public Google-indexed LinkedIn pages are used. But in practice full profile details and some LinkedIn pages require authentication; the absence of any declared credential or cookie-handling instructions is an unexplained gap. If the implementation intends to attach to the user's running Chrome to reuse an authenticated session, that grants access to cookie/session data without any explicit consent plumbing in the manifest.
Persistence & Privilege
ok · The skill is not always-enabled and is user-invocable (defaults). It does instruct writing saved profiles to a local path (its own data use), which is normal for its function. It does not claim to alter other skills or system-wide configs.