Back to skill
Skillv1.0.0
VirusTotal security
linkedin-search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 2:46 AM
- Hash
- 1116a7990b7d5fe83b1a4f7de20db45dee1627e91a6985c311c6f231a3e68c8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: linkedin-search Version: 1.0.0 The skill automates LinkedIn scraping by instructing the agent to manipulate Chrome debug sessions and local files. It includes high-risk commands in `skill.md`, such as copying sensitive browser profile data (including 'Cookies' and 'Login Data') to the world-readable `/tmp` directory and using `pkill` to terminate processes. While these actions are technically aligned with the stated goal of automated searching, the handling of authentication secrets and the presence of a hardcoded local path (`/Users/junye/project/...`) suggest poor security hygiene and potential for unintentional data exposure, though no clear evidence of intentional exfiltration or malice was identified.
- External report
- View on VirusTotal